Re: According to one update package

2019-11-29 Thread Ben Hutchings
On Thu, 2019-11-28 at 08:33 +, Ozgur Altinter (DHL TR) wrote:
> Hello All,
> 
> We got some update from Red Hat according to Sudo. (CVE-2019-14287)
> 
> https://access.redhat.com/security/cve/cve-2019-14287
> 
> But when we checked from Debian Library we found out below link regarding
> some Sudo update.
> 
> https://security-tracker.debian.org/tracker/CVE-2019-14287
> 
> My first question is: is this the same vulnerability patch? When I checked, it is
> only showing deb9u1, deb8u6, deb10u1. My system details are as follows. Could you
> pls tell me which one I can choose for my system?
> 
> ---
> Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.39-1+deb8u1 (2017-02-22) x86_64 
> GNU/Linux
[...]

You have skipped nearly 3 years of kernel updates and you are worrying
about an obscure sudo security problem?

Ben.

-- 
Ben Hutchings
Every program is either trivial or else contains at least one bug






Re: According to one update package

2019-11-28 Thread Chris Knadle
Ozgur Altinter (DHL TR):
> Hello All,
> 
> We got some update from Red Hat according to Sudo. (CVE-2019-14287)
> 
> https://access.redhat.com/security/cve/cve-2019-14287
> 
> But when we checked from Debian Library we found out below link regarding
> some Sudo update.
> 
> https://security-tracker.debian.org/tracker/CVE-2019-14287
> 
> My first question is: is this the same vulnerability patch? When I checked, it is
> only showing deb9u1, deb8u6, deb10u1. My system details are as follows. Could you
> pls tell me which one I can choose for my system?
> 
> ---
> Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.39-1+deb8u1 (2017-02-22) x86_64 
> GNU/Linux
> jessie InRelease
> Sudo version 1.8.10p3
> Sudoers policy plugin version 1.8.10p3
> Sudoers file grammar version 43
> Sudoers I/O plugin version 1.8.10p3
> 
> debian_version  8.7
> ---

Since your system is running Debian 8 (Jessie), the version of sudo with the fix
is deb8u6 -- note that the Debian version is embedded in these update versions:

deb8u6  is the security update for Debian 8 (Jessie)
deb9u1  is the security update for Debian 9 (Stretch)
deb10u1 is the security update for Debian 10 (Buster)


> Below link has many updates. I am confused which one I can choose?
> https://www.sudo.ws/dist/packages/Debian/8/

It appears these particular updates don't come from Debian; I think the one you
want is this one from security.debian.org:

http://security-cdn.debian.org/debian-security/pool/main/s/sudo/sudo_1.8.10p3-1+deb8u6_amd64.deb

  -- Chris

-- 
Chris Knadle
chris.kna...@coredump.us



RE: According to one update package

2019-11-28 Thread Ozgur Altinter (DHL TR)
Hello Andrej,

I know apt update, but which update do I need to run regarding the SUDO
vulnerability patch for Debian? Can you route me to the direct package?

Thanks


Özgür ALTINTER 
System and Network Specialist
DHL Global Forwarding Tasımacılık A.Ş.



-----Original Message-----
From: Andrej Shadura [mailto:and...@shadura.me] 
Sent: Thursday, November 28, 2019 12:44 PM
To: Ozgur Altinter (DHL TR) 
Cc: debian-devel@lists.debian.org
Subject: Re: According to one update package

Hello Ozgur,

On Thu, 28 Nov 2019 at 09:33, Ozgur Altinter (DHL TR)  
wrote:
> Hello All,

> We got some update from Red Hat according to Sudo. (CVE-2019-14287)

> https://access.redhat.com/security/cve/cve-2019-14287

> But when we checked from Debian Library we found out below link regarding
> some Sudo update.

> https://security-tracker.debian.org/tracker/CVE-2019-14287

> My first question is: is this the same vulnerability patch? When I checked, it is
> only showing deb9u1, deb8u6, deb10u1. My system details are as follows. Could you
> pls tell me which one I can choose for my system?

You need to run apt update and apt upgrade, this will install all recent 
updates (which you have skipped a lot) onto your system.

--
Cheers,
  Andrej


Re: According to one update package

2019-11-28 Thread Michael Kesper
Hi all,

On 28.11.19 10:43, Andrej Shadura wrote:
> On Thu, 28 Nov 2019 at 09:33, Ozgur Altinter (DHL TR)
>> But when we checked from Debian Library we found out below link regarding
>> some Sudo update.
> 
>> https://security-tracker.debian.org/tracker/CVE-2019-14287
> 
>> My first question is: is this the same vulnerability patch? When I checked, it is
>> only showing deb9u1, deb8u6, deb10u1. My system details are as follows. Could you
>> pls tell me which one I can choose for my system?
> 
> You need to run apt update and apt upgrade, this will install all
> recent updates (which you have skipped a lot) onto your system.

Besides, you should prepare upgrading to a newer version of Debian.
Debian Jessie will receive support until ~2020-06-30 only according to
https://wiki.debian.org/DebianReleases

Best wishes
Michael


