Il 2021-01-28 19:17 James Pearson ha scritto:
I don't know of another way of testing if this build fixes the issue ?
According to Qualys blog, sudoedit -s '\' `perl -e 'print "A" x 65536'` should core-dump on vulnerable versions.
I just tried on stock 6.10 and it core-dumps, indeed. Upgrading to the OL6 sudo package fixes the issue, indeed (no more core dump).
So it seems to work fine to me. Thanks. -- Danti Gionatan Supporto Tecnico Assyoma S.r.l. - www.assyoma.it email: g.danti@xxxxxxxxxx - info@xxxxxxxxxx GPG public key ID: FF5F32A8 _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos
