[sudo-users] No more security fixes for sudo 1.8.x?
Colin Finck
c.finck at enlyze.com
Thu Feb 4 07:36:46 MST 2021
Hello everyone!
With CVE-2021-3156, CVE-2021-23239, and CVE-2021-23240, there have been
three critical security issues lately, which are fixed in the latest
sudo 1.9.5p2 release, but also affect sudo 1.8.31p2 as far as I know.
Some Linux distros like Ubuntu that are on the 1.8.x branch have already
backported the fix themselves, but others (like Yocto/OpenEmbedded)
still seem to be waiting for an official fix for the 1.8 branch.
https://www.sudo.ws/legacy.html reads that the sudo 1.8 branch "receives
no new features, only critical bug fixes".
Is that no longer the case and sudo 1.8.x has been abandoned entirely?
Best regards,
Colin Finck
More information about the sudo-users
mailing list