[BlueOnyx:24737] Re: Memory error in Sudo enables root rights

Michael Stauber mstauber at blueonyx.it
Wed Jan 27 17:00:52 -05 2021


Hi Dirk,

> have you read about this?

Yeah, I followed it since it was first mentioned on Reddit. For your
entertainment see these links:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-23240
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2021-3156

On 2021-01-16 Mauro Matteo Cascella from RedHat pointed out that SELinux
mitigates it, RedHat ships with SELinux enabled, so anyone should kindly
bugger off about the issue.

Six days earlier in another department of RedHat they published these
pages, though:

https://access.redhat.com/security/cve/CVE-2021-23240
https://access.redhat.com/security/cve/CVE-2021-3156

These gave it a security rating of 7.8, which is pretty serious. Shows
that not everyone at DeadRat has lost their marbles, but the percentage
is certainly higher in those departments that manage bugzilla.

> Do you know something about an ETA for patched versions for CentOS?

RedHat released updated RPMs for RHEL7 and RHEL8 on 26th January and
CentOS 7 and CentOS 8 also directly rebuilt these and shoved them out.
They got installed automatically on most of my boxes last night.

[root@5209r ~]# rpm -q sudo ; rpm -q sudo --changelog|grep CVE-2021-3156
sudo-1.8.23-10.el7_9.1.x86_64
- CVE-2021-3156

[root@5210r ~]# rpm -q sudo ; rpm -q sudo --changelog|grep CVE-2021-3156
sudo-1.8.29-6.el8_3.1.x86_64
- CVE-2021-3156

-- 
With best regards

Michael Stauber
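
The changelog check shown in the message above, wrapped so its output can be classified per host. This is an added example, not part of the original post; the function names classify_sudo and audit_local and the unpatched sample package string are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message).
# classify_sudo reads, on stdin, the output of the check from the message:
#   rpm -q sudo ; rpm -q sudo --changelog | grep CVE-2021-3156
# and prints one of:
#   PATCHED <package>    changelog mentions CVE-2021-3156
#   UNPATCHED <package>  package present, no changelog entry for the CVE
#   NOT_INSTALLED        rpm reported that sudo is not installed
#   UNKNOWN              no recognisable package line in the input
classify_sudo() {
    pkg=""
    fixed=no
    while IFS= read -r line; do
        case "$line" in
            "package sudo is not installed") echo "NOT_INSTALLED"; return 0 ;;
            sudo-[0-9]*) pkg=$line ;;
            *CVE-2021-3156*) fixed=yes ;;
        esac
    done
    if [ -z "$pkg" ]; then
        echo "UNKNOWN"
    elif [ "$fixed" = yes ]; then
        echo "PATCHED $pkg"
    else
        echo "UNPATCHED $pkg"
    fi
}

# Run the same check against the local RPM database, if rpm exists here.
audit_local() {
    command -v rpm >/dev/null 2>&1 || { echo "NO_RPM"; return 0; }
    { rpm -q sudo; rpm -q sudo --changelog 2>/dev/null | grep CVE-2021-3156; } \
        | classify_sudo
}

# Constructed sample inputs: the first repeats the CentOS 7 output quoted in
# the message, the second is a made-up package string without the fix entry.
printf '%s\n' 'sudo-1.8.23-10.el7_9.1.x86_64' '- CVE-2021-3156' | classify_sudo
printf '%s\n' 'sudo-1.8.23-10.el7.x86_64' | classify_sudo
```

Calling audit_local on each box prints one status line per host, which is easier to collect and compare than the raw rpm output.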


