SCIENTIFIC-LINUX-USERS Archives

January 2021

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: sudo fix for SL6
From:
Götz Waschk <[log in to unmask]>
Reply To:
Götz Waschk <[log in to unmask]>
Date:
Thu, 28 Jan 2021 08:06:46 +0100
Content-Type:
multipart/signed
Parts/Attachments:
text/plain (1274 bytes) , smime.p7s (5 kB) 
Am 28.01.21 um 00:02 schrieb Konstantin Olchanski:
> sudo is broken, CVE-2021-3156. Fixed packages are out for el7, el8, ubuntu.
> 
> There is a fixed package for RHEL6, sudo-1.8.6p3-29.el6_10.4.x86_64.rpm, see
> https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com_errata_RHSA-2D2021-3A0227&d=DwIBAg&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=DdnVo6dknCRTqounMfG7Q82qFx2i7ANhA2ba5RkXC4g&s=R-6UJIwBbW5KnUMkSLmGuGA03CoQQ0nkVLXkC2ogupA&e= 
> 
> Now, any chance of fixed package for SL6? (just checked, no fix in CERN SLC6, no fix in EPEL).
Dear Konstantin,

indeed there is a fixed package, it is part of TUV' Extended Life-Cycle
Support Add-On, they provide selected security updates for critical and
important security fixes to paying customers. These packages are not
generally available to the public and not rebuilt by SL. However, you
might get it from Oracle in the future, watch this page:
https://yum.oracle.com/whatsnew.html

Regards,
Götz


-- 
Götz Waschk                            ° Phone:  +49 33762 77169
Deutsches Elektronen-Synchrotron DESY  ° Fax:    +49 33762 77216
Platanenallee 6                        ° E-Mail: [log in to unmask]
15738 Zeuthen Germany

ATOM RSS1 RSS2