CentOS – How to Protect Against Sudo Vulnerability CVE-2021-3156

Tags: centos, cve, security, sudo

I tried to patch the new sudo vulnerability as described in https://access.redhat.com/security/vulnerabilities/RHSB-2021-002

I'm getting the following error.

# stap -g sudoedit-block.stap
Checking "/lib/modules/3.10.0-1062.9.1.el7.x86_64/build/.config" failed with error: No such file or directory
Incorrect version or missing kernel-devel package, use: yum install kernel-devel-3.10.0-1062.9.1.el7.x86_64

However that package is not available. This is on CentOS 7.

# yum install kernel-devel-3.10.0-1062.9.1.el7.x86_64
Loaded plugins: auto-update-debuginfo, fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* epel: mirror.its.dal.ca
* epel-debuginfo: mirror.its.dal.ca
No package kernel-devel-3.10.0-1062.9.1.el7.x86_64 available.

What's the path forward in protecting against this vulnerability?

Best Answer

I strongly suggest installing the new sudo package as recommended in the bulletin that you linked to.

I believe https://access.redhat.com/errata/RHSA-2021:0221 is the relevant errata entry for RHEL 7, noting the release of sudo-1.8.23-10.el7_9.1.x86_64.rpm.
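
One way to confirm that the fixed build named in the answer is actually installed, as an added example (not part of the original post or of Red Hat's bulletin): Red Hat backports fixes, so the upstream version stays at 1.8.23 and the release field has to be compared as well. The function names are hypothetical, and GNU `sort -V` is assumed here as a stand-in for RPM's own version ordering.

```shell
#!/usr/bin/env bash
# Added example, not from the original post or from Red Hat.
# Fixed build for RHEL/CentOS 7, taken from the answer above (RHSA-2021:0221).
FIXED_EL7="1.8.23-10.el7_9.1"

# Reduce "sudo-1.8.23-10.el7_9.1.x86_64" (or a bare VERSION-RELEASE) to VERSION-RELEASE.
normalize_vr() {
    local vr="${1#sudo-}"
    vr="${vr%.x86_64}"; vr="${vr%.noarch}"
    printf '%s\n' "$vr"
}

# True when $1 >= $2. Assumption: GNU `sort -V` approximates RPM's version
# comparison; it orders el7 sudo builds correctly but is not rpmvercmp itself.
vr_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# Print patched / unpatched / unknown for an installed sudo build string.
sudo_fix_status() {
    local vr
    vr="$(normalize_vr "$1")"
    case "$vr" in
        *.el7*) ;;                        # the fixed build above applies to el7 only
        *) echo "unknown"; return 0 ;;    # other releases have their own errata
    esac
    if vr_ge "$vr" "$FIXED_EL7"; then echo "patched"; else echo "unpatched"; fi
}

# On a real host, check the installed package; skipped where rpm is absent.
if command -v rpm >/dev/null 2>&1 && rpm -q sudo >/dev/null 2>&1; then
    installed="$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' sudo | head -n 1)"
    echo "sudo ${installed}: $(sudo_fix_status "$installed")"
fi
```

A result of `unknown` means the build is not an el7 package, so the el7 errata version cannot be used as the reference.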