CloudLinux OS 6 ELS: sudo package with the fix for the CVE-2021-23240 gradual rollout
A new updated sudo package with the fix for the CVE-2021-23240 within CloudLinux OS 6 ELS has been scheduled for gradual rollout from our production repository.
CloudLinux OS 6 ELS: curl package with the fix for the CVE-2021-22898 gradual rollout completed
A new updated curl package with the fix for the CVE-2021-22898 within CloudLinux OS 6 ELS has been rolled out to 100% and is now available for download from our production repository.
A new ImageMagick package with the fix for the CVE-2020-29599 within CloudLinux 6 ELS has been updated in the current rollout
A new ImageMagick package with the fix for the CVE-2020-29599 within CloudLinux OS 6 extended lifecycle support has been updated in the current rollout.
A new curl package with the fix for the CVE-2021-22876 within CloudLinux OS 6 ELS has been scheduled for gradual rollout
A new python package with the fix for the CVE-2021-3177 for CloudLinux OS 6 and 7 has been rolled out to 100%
A new python package with the fix for the CVE-2021-3177 for CloudLinux OS 6 and 7 has been rolled out to 100% and is now available for download from our production repository.
A new python package with the fix for the CVE-2021-3177 for CloudLinux OS 6 and 7 has been scheduled for gradual rollout
A new python package with the fix for the CVE-2021-3177 for CloudLinux OS 6 and 7 has been scheduled for gradual rollout from our production repository.
OpenSSL and bind packages within CloudLinux OS 6 ELS have been rolled out to 100%
The OpenSSL package with the fix for the CVE-2021-23841 and the bind package with the fix for the CVE-2020-8625 within CloudLinux OS 6 extended lifecycle support have been rolled out to 100% and are now available for download from our production repository.
A new bind package with the fix for the CVE-2020-8625 within CloudLinux 6 Extended Lifecycle Support has been updated in the current rollout
A new bind package with the fix for the CVE-2020-8625 within CloudLinux OS 6 extended lifecycle support has been updated in the current rollout.
A new updated OpenSSL package with the fix for the CVE-2021-23841 within CloudLinux OS 6 Extended Lifecycle Support has been scheduled for gradual rollout
A new OpenSSL package with the fix for the CVE-2021-23841 within CloudLinux OS 6 extended lifecycle support has been scheduled for gradual rollout from our production repository.
A new sudo package with the CVE-2021-3156 fix within CloudLinux 6 Extended Lifecycle Support has been rolled out to 100%
A new sudo package with the CVE-2021-3156 fix within CloudLinux 6 extended lifecycle support has been rolled out to 100% and is now available for download from our production repository.
Changelog
sudo-1.8.6p3-30.cloudlinux.
- Fixed Heap-based buffer overflow in Sudo (CVE-2021-3156)
Update command
yum update sudo*
CVE-2021-3156 description
Sudo before 1.9.5p2 has a Heap-based Buffer Overflow, allowing privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.