Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156

28 Jan 2021


      Barry Brimer:
...
I just installed this on a previously fully updated CentOS Linux 6 (x86_64) VM.
The package installed fine, the sudo functionality still works but according to
the test described in the qualys advisory of running "sudoedit -s /”
(without quotes) this system is still vulnerable.
I guess that is a question to ask those that support OL6 ?
I noticed the same - but I don't know if running 'sudoedit -s /' is an absolute measure of the vulnerability being fixed?
There is definitely a 'CVE-2021-3156' patch that is applied in the SRPM ...
I don't know of another way of testing if this build fixes the issue ?
James Pearson

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Re: [CentOS] CentOS 6 fix sudo CVE-2021-3156