Open Source Development

Power Open Source Development

Explore the open source tools and capabilities for building and deploying modern applications on IBM Power platforms including AIX, IBM i, and Linux.


#Power


  • 1.  sudo security vulnerability fix

    Posted Sat July 15, 2017 11:25 AM

    Originally posted by: sanket


    sudo-1.8.20p2 is now available on the AIX Toolbox.

    https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/sudo/sudo-1.8.20p2-3.aix6.1.ppc.rpm

    This version has fixes for the following security vulnerabilities.

    CVE-2017-1000367
    CVE-2017-1000368


    #AIXOpenSource
    #AIX-Open-Source-Software


  • 2.  Re: sudo security vulnerability fix

    Posted Thu November 22, 2018 02:38 AM

    Originally posted by: Fasi Mohiuddin


    Hi Sanket,

    When I try to upgrade to fix this vulnerability, I get the following message:

     

    #rpm -Uvh sudo-1.8.26-1.aix71.rpm
    package sudo-1.6.9p23-2noldap (which is newer than sudo-1.8.26-1) is already installed.

    Kindly advise.
     


    #AIX-Open-Source-Software
    #AIXOpenSource


  • 3.  Re: sudo security vulnerability fix

    Posted Mon November 26, 2018 02:24 AM

    Originally posted by: AyappanP


    This version, sudo-1.6.9p23-2noldap, has an epoch/serial tag added to it, so it will always be considered newer.

    In this case, you can remove the sudo rpm (before that, make sure you take a backup of the sudo conf files) and install the newer version.


    #AIXOpenSource
    #AIX-Open-Source-Software


  • 4.  Re: sudo security vulnerability fix

    Posted Mon November 26, 2018 06:20 AM

    Originally posted by: Fasi Mohiuddin


    Hi,

    Is this file (/etc/sudoers) enough for the backup, or is there any other file to be backed up before removing sudo?


    #AIXOpenSource
    #AIX-Open-Source-Software


  • 5.  Re: sudo security vulnerability fix

    Posted Mon November 26, 2018 07:18 AM

    Originally posted by: AyappanP


    Any files in the /etc/sudoers.d directory as well.

     


    #AIX-Open-Source-Software
    #AIXOpenSource
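
Added example, not part of any post in this thread and not IBM's or the sudo project's code: a shell sketch of the backup step from posts 3 to 5, archiving /etc/sudoers and /etc/sudoers.d and verifying the archive before the old RPM is removed. The function names, the ROOT and DEST parameters and the /var/tmp/sudo-backup path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. ROOT (tree holding etc/sudoers) and DEST (absolute backup
# directory) are hypothetical parameters; ROOT allows a dry run on a scratch tree.

backup_sudo_conf() {
    root=${1:-/}; dest=$2
    case $dest in /*) ;; *) echo "DEST must be an absolute path" >&2; return 2 ;; esac
    [ -f "${root%/}/etc/sudoers" ] || { echo "no etc/sudoers under $root" >&2; return 1; }
    set -- etc/sudoers
    # /etc/sudoers.d is optional, include it only when present
    if [ -d "${root%/}/etc/sudoers.d" ]; then set -- "$@" etc/sudoers.d; fi
    # umask 077 in a subshell: the archive carries sudo policy, keep it private
    ( umask 077 && mkdir -p "$dest" && cd "$root" &&
      tar -cf "$dest/sudo-conf.tar" "$@" )
}

# Unpack the archive into a scratch directory and compare it with the live files.
verify_sudo_backup() {
    root=${1:-/}; dest=$2
    scratch="$dest/verify.$$"
    ( umask 077 && mkdir -p "$scratch" && cd "$scratch" &&
      tar -xf "$dest/sudo-conf.tar" ) || return 1
    rc=0
    diff "${root%/}/etc/sudoers" "$scratch/etc/sudoers" >/dev/null 2>&1 || rc=1
    if [ -d "${root%/}/etc/sudoers.d" ]; then
        diff -r "${root%/}/etc/sudoers.d" "$scratch/etc/sudoers.d" >/dev/null 2>&1 || rc=1
    fi
    rm -rf "$scratch"
    return $rc
}

# Order on the host (as root), following the thread; package file name is the
# one quoted in post 2:
#   backup_sudo_conf / /var/tmp/sudo-backup && verify_sudo_backup / /var/tmp/sudo-backup
#   rpm -e sudo
#   rpm -ivh sudo-1.8.26-1.aix71.rpm
#   compare the new /etc/sudoers with the backup, restore local rules, then: visudo -c
```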