The Qualys Research Team has discovered a vulnerability in sudo, CVE-2021-3156, that allows any unprivileged user to gain root privileges. The vulnerability is present in all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1 in their default configuration. Patches are already available in the vendor repositories.

The patched versions for Red Hat distributions are:

RHEL/CentOS7: sudo-1.8.23-10.el7_9.1

RHEL/CentOS8: sudo-1.8.29-6.el8_3.1
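To check hosts against the versions above, the following added example (not part of the original advisory or of any vendor tooling) classifies an upstream sudo version and the output of `rpm -q sudo`. The function names are hypothetical, the RPM ordering is a simplified form of rpm's comparison, and it assumes builds later than the listed ones keep the fix.

```python
import re

# Upstream ranges from the advisory (inclusive bounds).
VULNERABLE_RANGES = [("1.8.2", "1.8.31p2"), ("1.9.0", "1.9.5p1")]
# Patched RHEL/CentOS builds from the advisory: dist tag -> (version, release).
FIXED_RPMS = {"el7": ("1.8.23", "10.el7_9.1"), "el8": ("1.8.29", "6.el8_3.1")}
ARCHES = r"(?:\.(?:x86_64|aarch64|ppc64le|s390x))?"

def upstream_key(version):
    """'1.9.5p1' -> (1, 9, 5, 1); a missing pN patch level counts as 0."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised sudo version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())

def upstream_vulnerable(version):
    """True if an unmodified upstream sudo release is in an affected range."""
    k = upstream_key(version)
    return any(upstream_key(lo) <= k <= upstream_key(hi)
               for lo, hi in VULNERABLE_RANGES)

def rpm_key(text):
    """Simplified rpmvercmp: digit runs compare as ints and outrank letters."""
    return [(1, int(p), "") if p.isdigit() else (0, 0, p)
            for p in re.findall(r"\d+|[A-Za-z]+", text)]

def rpm_status(package):
    """Classify `rpm -q sudo` output as 'patched', 'vulnerable' or 'unknown'."""
    m = re.fullmatch(r"sudo-([^-]+)-([^-]+?)" + ARCHES, package.strip())
    dist = re.search(r"\.(el\d+)", m.group(2)) if m else None
    if not dist or dist.group(1) not in FIXED_RPMS:
        return "unknown"  # distribution not covered by the advisory
    fixed_version, fixed_release = FIXED_RPMS[dist.group(1)]
    # Distributions backport fixes, so compare against the fixed build
    # rather than the upstream range: 1.8.23 is "affected" upstream, yet
    # 1.8.23-10.el7_9.1 carries the patch.
    installed = (rpm_key(m.group(1)), rpm_key(m.group(2)))
    fixed = (rpm_key(fixed_version), rpm_key(fixed_release))
    return "patched" if installed >= fixed else "vulnerable"

if __name__ == "__main__":
    for pkg in ("sudo-1.8.23-10.el7.x86_64", "sudo-1.8.29-6.el8_3.1.x86_64"):
        print(pkg, "->", rpm_status(pkg))  # constructed sample inputs
```
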

Read more in our advisory: