Re: According to one update package
Ozgur Altinter (DHL TR):
> Hello All,
>
> We got some update from Redhat according to Sudo . (CVE-2019-14287)
>
> https://access.redhat.com/security/cve/cve-2019-14287
>
> But when we checked from Debian Library we found out below link regarding to some Sudo update .
>
> https://security-tracker.debian.org/tracker/CVE-2019-14287
>
> My first questions is this same vulnerability patch ? When I checked Only showing deb9u1 ,deb8u6 ,deb10u1. My system details are as follow. could you pls which one I can choice for my system ?
>
> -----------------------------------------------------------
> Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.39-1+deb8u1 (2017-02-22) x86_64 GNU/Linux
> jessie InRelease
> Sudo version 1.8.10p3
> Sudoers policy plugin version 1.8.10p3
> Sudoers file grammar version 43
> Sudoers I/O plugin version 1.8.10p3
>
> debian_version 8.7
> ---------------------------------------------------------------
Since your system is running Debian 8 (Jessie), the version of sudo with the fix
is deb8u6 -- note that the Debian version is embedded in these update versions:
deb8u6 is the security update for Debian 8 (Jessie)
deb9u1 is the security update for Debian 9 (Stretch)
deb10u1 is the security update for Debian 10 (Buster)
> Below link has many updates. I am confusing which one I can choice ?
> https://www.sudo.ws/dist/packages/Debian/8/
It appears these particular updates don't come from Debian; I think the one you
want is this one from security.debian.org:
http://security-cdn.debian.org/debian-security/pool/main/s/sudo/sudo_1.8.10p3-1+deb8u6_amd64.deb
-- Chris
--
Chris Knadle
Chris.Knadle@coredump.us
Reply to: