Sudo 1.8.28

Support for security such as Firewalls and securing linux
Post Reply
dscoland
Posts: 4
Joined: 2019/10/21 16:04:24

Sudo 1.8.28

Post by dscoland » 2019/10/29 12:53:42

Hi,

Forgive me if this was posted before, but does the below CentOS 7 version support the latest sudo 1.8.28 release to mitigate vulnerability CVE-2019-14287?

Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-693.17.1.el7.x86_64
Architecture: x86-64

Thanks,
Daniel

User avatar
TrevorH
Forum Moderator
Posts: 27127
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Sudo 1.8.28

Post by TrevorH » 2019/10/29 14:04:40

Kernel: Linux 3.10.0-693.17.1.el7.x86_64
You have way bigger problems than that sudo update. That kernel version is from CentSO 7.4 and dates from sometime in 2017. That means you are missing the entirety of the last 2 years worth of security updates and if the kernel is backlevel then the chances are that the rest of your system is too. You need to run a full yum update to get yourself off 7.4 and onto 7.7 plus all the latest updates.

Now, the sudo update, while important, only affects a very limited number of installations as you need to have a very specific setup in order to be able to exploit the bug. Read https://access.redhat.com/security/cve/cve-2019-14287 and look at the examples they give there. If your sudo config is not like those then you do not have a vulnerable system.

The update is fixed in the sudo-1.8.23-4.el7_7.1.x86_64 package. That was released for RHEL on the 24th Oct and is now out for CentOS though you may need to do a yum clean all to make sure you fetch the latest metadata from the mirror network before you yum update
CentOS 6 will die in November 2020 - migrate sooner rather than later!
CentOS 5 has been EOL for nearly 3 years and should no longer be used for anything!
Full time Geek, part time moderator. Use the FAQ Luke

dscoland
Posts: 4
Joined: 2019/10/21 16:04:24

Re: Sudo 1.8.28

Post by dscoland » 2019/10/29 17:26:17

Hi Trevor,

Yeah; thanks for pointing this out to us. We have upgraded the kernel to version 3.10.0-1062.4.1.el7.x86_64, and we have not configured our Sudoers file to include a user that can run All commands that includes and exclusion of root.

Best,
Daniel

Post Reply

Return to “CentOS 7 - Security Support”