For what it is worth, there are BFF packages available from
https://www.sudo.ws/sudo/dist/packages/ .
These
might be viable option, if one does not need to have anything else OSS/FOSS wise, such as bash, python etc on AIX.
The packages have PGP signatures available and as far as I know the BFF packages do not have any external dependencies.
------------------------------
Esa Kärkkäinen
------------------------------
Original Message:
Sent: Wed February 24, 2021 08:52 AM
From: Manoj Kumar
Subject: Need to install sudo 1.9.5p2 on all AIX server due to vulnerability
Hi Team,
We are getting high score vulnerability identified in sudo running version before 1.9.5p2 on UNIX servers (CVE-2021-3156).
So for that first we need to install sudo 1.9.5p2 on all AIX servers. So just wanted to know how we should proceed?
Across AIX we have less than 1.9.5p2 sudo version installed.
Reference CVE: https://nvd.nist.gov/vuln/detail/CVE-2021-3156
Regards
Manoj
------------------------------
Manoj Kumar
------------------------------