[CentOS] CentOS 6 fix sudo CVE-2021-3156

Thu Jan 28 18:17:42 UTC 2021
James Pearson <james-p at moving-picture.com>

Barry Brimer:
> I just installed this on a previously fully updated CentOS Linux 6 (x86_64) VM.
> The package installed fine, the sudo functionality still works but according to
> the test described in the qualys advisory of running "sudoedit -s /”
> (without quotes) this system is still vulnerable.

I guess that is a question to ask those that support OL6 ?

I noticed the same - but I don't know if running 'sudoedit -s /' is an absolute measure of the vulnerability being fixed?

There is definitely a 'CVE-2021-3156' patch that is applied in the SRPM ...

I don't know of another way of testing if this build fixes the issue ?

James Pearson