1

I tried to patch the new sudo vulnerability as described in https://access.redhat.com/security/vulnerabilities/RHSB-2021-002

I'm getting the following error.

# stap -g sudoedit-block.stap Checking "/lib/modules/3.10.0-1062.9.1.el7.x86_64/build/.config" failed with error: No such file or directory Incorrect version or missing kernel-devel package, use: yum install kernel-devel-3.10.0-1062.9.1.el7.x86_64

However that package is not available. This is on CentOS 7.

# yum install kernel-devel-3.10.0-1062.9.1.el7.x86_64 Loaded plugins: auto-update-debuginfo, fastestmirror, langpacks Loading mirror speeds from cached hostfile * epel: mirror.its.dal.ca * epel-debuginfo: mirror.its.dal.ca No package kernel-devel-3.10.0-1062.9.1.el7.x86_64 available.

What's the path forward in protecting against this vulnerability?

Improve this question
2
  • Update your system. Commented Jan 27, 2021 at 23:55
  • that kernel is too old, probably upgrade your kernel to a newer one then install newer kernel-devel package too. Commented Jan 31, 2021 at 15:49

1 Answer 1

Reset to default
1

I strongly suggest installing the new sudo package as recommended in the bulletin that you linked to.

I believe https://access.redhat.com/errata/RHSA-2021:0221 is the relevant errata entry for RHEL 7, noting the release of sudo-1.8.23-10.el7_9.1.x86_64.rpm.

Improve this answer
14
  • How could you tell I was using CentOS? I installed the latest sudo yum package, but the cve checker script says it's still not protected. Detected 'sudo' package: sudo-1.8.23-10.el7.x86_64 This sudo version is vulnerable. Commented Jan 27, 2021 at 23:56
  • @MichaelHampton Ah, I did pick the wrong errata entry. Updated. Commented Jan 27, 2021 at 23:57
  • @360man Right, if this is about Centos, I assume there will be a package available relatively soon there as well. Maybe add a note about that particular situation to the question? Commented Jan 28, 2021 at 0:00
  • @360man My last CentOS 7 system (almost everything is on 8 now) already picked up the update, so your local mirror probably doesn't have it yet. Give it a 24 hours. Commented Jan 28, 2021 at 0:01
  • 1
    @360man At this point you should check your system to ensure that you are actually using official CentOS repos and not some third party mirrors. All official mirrors should have it already. Commented Jan 28, 2021 at 20:28

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.