#!/usr/bin/env ansible-playbook
---
# This is a special playbook to upgrade sudo everywhere after the
# CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
# Please always use with --limit myserver.adm.auro.re
# And list updates with --check
- hosts: all
  tasks:
    - name: Upgrade sudo
      apt:
        name: sudo
        state: latest
        update_cache: true
        cache_valid_time: 3600  # one hour
      register: apt_result
      retries: 3
      until: apt_result is succeeded