Why is Sudo not updated to latest CVE?

Why is Sudo not updated to latest CVE?

Due to latest CVE-2021-3156, I try to update my centos 7.9 with the following command : But the command return the follwing : I also try yum clean all but still the same result. My Centos run Plesk. Plesk update don’t fix issue, sudo still not update to unvulnerable version.

How to patch Sudo vulnerabilities in Debian 10?

Both CVE-2021-23239 and CVE-2021-23240 are mitigated by fs.protected_symlinks, which is set to 1 by default in Debian 10: this setting only allows symlinks to be followed if they are outside a sticky world-writable directory (such as /tmp ), or when the uid of the symlink and follower match, or when the directory owner matches the symlink’s owner.

Is there a CVE 2021-23240 for Debian?

CVE-2021-23240 additionally only affects systems using SELinux, which isn’t the default in Debian. Thanks for contributing an answer to Unix & Linux Stack Exchange!

Are there any security patches for Debian Wheezy?

I have sudo 1.8.5p2-1+nmu3+deb7u1 installed in Debian Wheezy and I need to update it to fix the CVE-2021-3156 vulnerability. Unfortunately, there are no security patches for Wheezy anymore and upgrading to Stretch is not an option.

Can a vulnerability be backported to a Sudo version?

It is simply because often times a vulnerability patch is simply backported to an existing sudo version. Thus, to verify the patch is successfully applied, it is recommended to test sudo against the vulnerability, as described previously. To check the vulnerability patch for sudo in the changelog of its RPM package:

How to check the latest version of SUDO?

From the change log this patch is applied through a regular update: Binary package sudo-1.8.23-10.el7_9.1.x86_64.rpm changelog. Checking sudo vulnerability with the following command:

Is there a Sudo update in CentOS 1.9?

My Centos run Plesk. Plesk update don’t fix issue, sudo still not update to unvulnerable version. The only check I have done after update is the version and I expected to see a sudo in version 1.9.x, but it’s still to 1.8.x I don’t remeber the minor version is previously.