I hadn't heard of Qualys until today, and am very unhappy with them. They have t... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

cpncrunch on Jan 27, 2021 | parent | context | favorite | on: Heap-based buffer overflow in Sudo

I hadn't heard of Qualys until today, and am very unhappy with them. They have thrown us all under the bus by releasing details of this vulnerability before updates are available for major distros. (Still no update for Centos 8 at time of writing this, not sure about any others).

ilikejam on Jan 27, 2021 [–]

RedHat built the fixed sudo RPMs 5 days ago.

cpncrunch on Jan 27, 2021 | [–]

They only released it yesterday:

https://access.redhat.com/security/cve/CVE-2021-3156

Still nothing on Centos. Perhaps just another reason to not trust Redhat.

cpncrunch on Jan 27, 2021 | | [–]

Update is finally here.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact