Am 28.01.21 um 00:02 schrieb Konstantin Olchanski: > sudo is broken, CVE-2021-3156. Fixed packages are out for el7, el8, ubuntu. > > There is a fixed package for RHEL6, sudo-1.8.6p3-29.el6_10.4.x86_64.rpm, see > https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com_errata_RHSA-2D2021-3A0227&d=DwIBAg&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=DdnVo6dknCRTqounMfG7Q82qFx2i7ANhA2ba5RkXC4g&s=R-6UJIwBbW5KnUMkSLmGuGA03CoQQ0nkVLXkC2ogupA&e= > > Now, any chance of fixed package for SL6? (just checked, no fix in CERN SLC6, no fix in EPEL). Dear Konstantin, indeed there is a fixed package, it is part of TUV' Extended Life-Cycle Support Add-On, they provide selected security updates for critical and important security fixes to paying customers. These packages are not generally available to the public and not rebuilt by SL. However, you might get it from Oracle in the future, watch this page: https://yum.oracle.com/whatsnew.html Regards, Götz -- Götz Waschk ° Phone: +49 33762 77169 Deutsches Elektronen-Synchrotron DESY ° Fax: +49 33762 77216 Platanenallee 6 ° E-Mail: [log in to unmask] 15738 Zeuthen Germany