When are we going to see sudo 1.8.20p2 in the repositories?
Yum is happy with version 1.8.6p7-20.el7.x86_64 from 2013.
There is at least one security issue ( CVE-2017-1000367 ) with this old version.
Sudo 1.8.20p2
Re: Sudo 1.8.20p2
Bzzzt, wrong.
Please read https://access.redhat.com/security/updates/backporting
$ rpm -q sudo
sudo-1.8.6p7-22.el7_3.x86_64
$ rpm -q --changelog sudo | less
* Mon May 29 2017 Radovan Sroka <rsroka@redhat.com> - 1.8.6p7-22
- Fixes CVE-2017-1000367 sudo: Privilege escalation in via improper get_process_ttyname() parsing [rhel-7.3.z]
Resolves: rhbz#1455401
...
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: Sudo 1.8.20p2
Interesting (and confusing as stated in that article).
Is there a reason why we need to stick with 1.8.6 and not just upgrade to 1.8.20 ?
Re: Sudo 1.8.20p2
Because that's the one we supply and upgrading to 1.8.20 will stop you from getting future updates from us since they would also be 1.8.6-xy and would not be greater than 1.8.20.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
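The two points made above (check the changelog rather than the version string, and a hand-built newer version blocks future vendor updates) in code, as an added example that is not part of the thread: a simplified rpmvercmp() and a scan of `rpm -q --changelog` output for a CVE ID. The changelog text is constructed from the entry quoted above plus a made-up older entry.

```python
import re
# Constructed changelog in the shape of `rpm -q --changelog sudo`: the first
# entry is the one quoted in the thread, the second is a made-up older entry.
CHANGELOG = """\
* Mon May 29 2017 Radovan Sroka <rsroka@redhat.com> - 1.8.6p7-22
- Fixes CVE-2017-1000367 sudo: Privilege escalation in via improper get_process_ttyname() parsing [rhel-7.3.z]
Resolves: rhbz#1455401

* Thu Jan 01 2015 Example Packager <packager@example.com> - 1.8.6p7-20
- constructed older entry, no CVE fix mentioned
"""

_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpm_vercmp(a: str, b: str) -> int:
    """Compare two RPM version/release strings like rpmvercmp() (tilde and
    caret rules omitted): split into digit and letter runs, compare them
    numerically or lexically, and let the string with segments left over win.
    Returns -1, 0 or 1."""
    if a == b:
        return 0
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment beats a letter run
        if x.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):               # longer number is larger
                return 1 if len(x) > len(y) else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def cve_fix_entry(changelog: str, cve: str):
    """Return the '* <date> <packager> - <version-release>' header of the
    first changelog entry that mentions `cve`, or None if none does."""
    pattern = re.compile(r"\b" + re.escape(cve) + r"\b")
    header = None
    for line in changelog.splitlines():
        if line.startswith("* "):
            header = line
        elif header and pattern.search(line):
            return header
    return None

# A hand-built 1.8.20p2 outranks every vendor 1.8.6p7-xx build, so yum would never
# offer the backported update; the changelog, not the version, shows the CVE fix.
UPSTREAM_SHADOWS_VENDOR = rpm_vercmp("1.8.20p2", "1.8.6p7") > 0   # True
FIXED_IN = cve_fix_entry(CHANGELOG, "CVE-2017-1000367")           # header ending in 1.8.6p7-22
```

Run it against a live box by feeding the output of `rpm -q --changelog sudo` into cve_fix_entry() instead of CHANGELOG.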
Re: Sudo 1.8.20p2
wvos wrote:
Interesting (and confusing as stated in that article).
Is there a reason why we need to stick with 1.8.6 and not just upgrade to 1.8.20 ?

Do you ask, why does Red Hat backport rather than upgrade? In the same article:

Red Hat wrote:
For most products, our default practice is to backport security fixes, but we do sometimes provide version updates for some packages after careful testing and analysis. These are likely to be packages that have no interaction with others, or those used by an end-user, such as web browsers and instant messaging clients.

Back in time, the latest and greatest bells and whistles did look awesome. However, after a time the jewels cease to sparkle, the gold loses its luster, and a stable system starts to beckon.