I just installed this on a previously fully updated CentOS Linux 6 (x86_64) VM.
The package installed fine, the sudo functionality still works but according to
the test described in the qualys advisory of running "sudoedit -s /?
(without quotes) this system is still vulnerable.
My CentOS Linux 7 (x86_64), CentOS Linux 8 (x86_64), and CentOS Stream 8
(x86_64) VM running the actual CentOS package do not appear vulnerable running
this test.
Migrating the previously mentioned CentOS Linux 6 vm to Oracle Linux and running
the same test shows the fully updated Oracle Linux 6 to be vulnerable as well.
Has anyone else tried this? Do your results match or differ from mine?
Thanks,
Barry
On January 28, 2021 9:15:47 AM UTC, James Pearson <james-p at
moving-picture.com> wrote:>Maxim Shpakov:
>>
>> You can use oracle linux 6 , it is still supported (till March 2021)
>
>Looks like Oracle's el6 sudo update is now available:
>
>https://yum.oracle.com/repo/OracleLinux/OL6/latest/x86_64/getPackage/sudo-1.8.6p3-29.0.2.el6_10.3.x86_64.rpm
>https://yum.oracle.com/repo/OracleLinux/OL6/latest/i386/getPackage/sudo-1.8.6p3-29.0.2.el6_10.3.i686.rpm
>http://oss.oracle.com/ol6/SRPMS-updates/sudo-1.8.6p3-29.0.2.el6_10.3.src.rpm
>
>* Tue Jan 26 2021 Qing Lin <qing.lin at oracle.com> -
>1.8.6p3-29.0.2.el6_10.3
>- backport the fix CVE-2021-3156.patch from ol7.
>
>James Pearson
>_______________________________________________
>CentOS mailing list
>CentOS at centos.org
>https://lists.centos.org/mailman/listinfo/centos