Hi,
It comes with regular distro upgrades.
If you want to make sure that you have latest sudo with severe CVE-2021-3156 patched, just make sure that sudo version 1.8.23-10.el7_9.1 is installed, which includes this patch.
You already may have this version installed already.
Try:
yum list installed | grep sudo
… if the output is:
sudo.x86_64 1.8.23-10.el7_9.1 @updates
… it means that you have patched version, according to the change log:
# yum changelog sudo
sudo-1.8.23-10.el7_9.1.x86_64 updates
* Wed Jan 20 15:00:00 2021 Radovan Sroka <rsroka@redhat.com> - 1.8.23-10.1
- RHEL 7.9.Z ERRATUM
- CVE-2021-3156
Resolves: rhbz#1917729