ansible/sudo_upgrade.yml

#!/usr/bin/env ansible-playbook
---
# This is a special playbook to upgrade sudo everywhere after the
# CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
# Please always use with --limit myserver.adm.auro.re
# And list updates with --check
- hosts: all
  tasks:
    - name: Upgrade sudo
      apt:
        name: sudo
        state: latest
        update_cache: true
        cache_valid_time: 3600  # one hour
      register: apt_result
      retries: 3
      until: apt_result is succeeded
Add playbook to deploy sudo update on all machines 2021-01-27 14:36:14 +01:00			`#!/usr/bin/env ansible-playbook`
			`---`
			`# This is a special playbook to upgrade sudo everywhere after the`
			`# CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)`
			`# Please always use with --limit myserver.adm.auro.re`
			`# And list updates with --check`
			`- hosts: all`
			`tasks:`
			`- name: Upgrade sudo`
			`apt:`
			`name: sudo`
			`state: latest`
			`update_cache: true`
			`cache_valid_time: 3600 # one hour`
			`register: apt_result`
			`retries: 3`
			`until: apt_result is succeeded`