thr3ads.net - CentOS - [CentOS] CentOS 6 fix sudo CVE-2021-3156 [Jan 2021]

If this information is useful, please help other people find it:
Share via:

Gionatan Danti

2021-Jan-27 07:38 UTC

[CentOS] CentOS 6 fix sudo CVE-2021-3156

Hi all,
do you know if a fix for sudo CVE-2021-3156 is available for CentOS 6?

While CentOS 6 is now supported anymore, RedHat has it under its 
payedsupport agreement (see: 
https://access.redhat.com/security/vulnerabilities/RHSB-2021-002).

So I wonder if some community-packaged patch exists...
Thanks.

-- 
Danti Gionatan
Supporto Tecnico
Assyoma S.r.l. - www.assyoma.it
email: g.danti at assyoma.it - info at assyoma.it
GPG public key ID: FF5F32A8

Walter H.

2021-Jan-27 08:34 UTC

head link

[CentOS] CentOS 6 fix sudo CVE-2021-3156

is that what you expect to find?
https://access.redhat.com/errata/RHSA-2021:0227

On 27.01.2021 08:38, Gionatan Danti wrote:> Hi all,
> do you know if a fix for sudo CVE-2021-3156 is available for CentOS 6?
>
> While CentOS 6 is now supported anymore, RedHat has it under its 
> payedsupport agreement (see: 
> https://access.redhat.com/security/vulnerabilities/RHSB-2021-002).
>
> So I wonder if some community-packaged patch exists...
> Thanks.
>

Maxim Shpakov

2021-Jan-27 09:38 UTC

head link

[CentOS] CentOS 6 fix sudo CVE-2021-3156

Hi

You can use oracle linux 6 , it is still supported (till March 2021)

On Wed, 27 Jan 2021 at 09:38, Gionatan Danti <g.danti at assyoma.it>
wrote:
> Hi all,
> do you know if a fix for sudo CVE-2021-3156 is available for CentOS 6?
>
> While CentOS 6 is now supported anymore, RedHat has it under its
> payedsupport agreement (see:
> https://access.redhat.com/security/vulnerabilities/RHSB-2021-002).
>
> So I wonder if some community-packaged patch exists...
> Thanks.
>
> --
> Danti Gionatan
> Supporto Tecnico
> Assyoma S.r.l. - www.assyoma.it
> email: g.danti at assyoma.it - info at assyoma.it
> GPG public key ID: FF5F32A8
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos
>

Christian Anthon

2021-Jan-27 13:19 UTC

head link

[CentOS] CentOS 6 fix sudo CVE-2021-3156

Centos-6 compatible packages are available from the official sudo 
webpage. It's a later version of sudo and I'm not sure if that will 
cause problems. I've tried installing it and so-far so-good.

https://www.sudo.ws/download.html

Cheers, Christian.

On 27/01/2021 08.38, Gionatan Danti wrote:> Hi all,
> do you know if a fix for sudo CVE-2021-3156 is available for CentOS 6?
>
> While CentOS 6 is now supported anymore, RedHat has it under its 
> payedsupport agreement (see: 
> https://access.redhat.com/security/vulnerabilities/RHSB-2021-002).
>
> So I wonder if some community-packaged patch exists...
> Thanks.
>

CentOS - Jan 2021 - CentOS 6 fix sudo CVE-2021-3156

[CentOS] CentOS 6 fix sudo CVE-2021-3156

[CentOS] CentOS 6 fix sudo CVE-2021-3156

[CentOS] CentOS 6 fix sudo CVE-2021-3156

[CentOS] CentOS 6 fix sudo CVE-2021-3156