Sudo vulnerability patched in all supported Ubuntu versions

Canonical today released a security report to inform users of Ubuntu operating systems that a recent Sudo vulnerability (CVE-2017-1000367) has been patched in all supported versions.

According to Ubuntu security report USN-3304-1, this new security vulnerability affects the Ubuntu 17.04 (Zesty Zapus), Ubuntu 16.10 (Yakkety Yak), Ubuntu 16.04 LTS (Xenial Xerus) and Ubuntu 14.04 LTS (Trusty Tahr) platforms, as well as all derivative distributions, including Kubuntu, Xubuntu, Lubuntu, Ubuntu GNOME, etc.

This vulnerability was discovered in the Sudo component, an open source program that allows users to run programs with the security privileges of another user, such as an administrator. Sudo was incorrectly parsing the contents of /proc/[pid]/stat, which a local attacker could have exploited to overwrite files as the system administrator.

“Sudo has been found to not correctly parse the contents of /proc/[pid]/stat when trying to determine its main tty. A local attacker could use this flaw to overwrite any file on the system, bypassing the proper permissions”, says the security advisory.

All users must update their systems immediately

Sudo is a very important component of UNIX operating systems, so everyone should update their platforms as soon as possible to the new versions of sudo provided by Canonical in the stable Ubuntu software repositories.

In other words, you have to update both the sudo package and the sudo-ldap package to version 1.8.19p1-1ubuntu1.1 in Ubuntu 17.04, 1.8.16-0ubuntu3.2 in Ubuntu 16.10, 1.8.16-0ubuntu1.4 in Ubuntu 16.04 LTS, and 1.8.9p5-1ubuntu1.4 in Ubuntu 14.04 LTS.

Don't forget to reboot your system after installing the new version of sudo, and make sure to update as soon as possible.
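
The fixed versions listed above can be checked against a host mechanically. The script below is an added example, not part of the original article or of Canonical's advisory; the function names are its own, and it assumes an Ubuntu host where dpkg and /etc/os-release are available.

```shell
#!/bin/sh
# Added example: compare the installed sudo / sudo-ldap package against the
# fixed versions this article lists for CVE-2017-1000367 (USN-3304-1).

# Print the fixed package version for an Ubuntu release (VERSION_ID).
fixed_version_for() {
    case "$1" in
        17.04) echo "1.8.19p1-1ubuntu1.1" ;;
        16.10) echo "1.8.16-0ubuntu3.2" ;;
        16.04) echo "1.8.16-0ubuntu1.4" ;;
        14.04) echo "1.8.9p5-1ubuntu1.4" ;;
        *)     return 1 ;;   # release not covered by the article
    esac
}

# Succeed when installed version $1 is at or above fixed version $2,
# using dpkg's own Debian version ordering (not a plain string compare).
is_patched() {
    dpkg --compare-versions "$1" ge "$2"
}

# Check this host: returns 0 if patched, 1 if vulnerable, 2 if undetermined.
check_host() {
    release=$(. /etc/os-release && echo "$VERSION_ID") || return 2
    fixed=$(fixed_version_for "$release") || {
        echo "Ubuntu $release is not listed in the article" >&2; return 2; }
    rc=2
    for pkg in sudo sudo-ldap; do
        # Skip packages that are unknown or removed-but-not-purged.
        st=$(dpkg-query -W -f='${Status}|${Version}' "$pkg" 2>/dev/null) || continue
        case "$st" in "install ok installed|"*) ver=${st#*|} ;; *) continue ;; esac
        if is_patched "$ver" "$fixed"; then
            echo "$pkg $ver: patched (fixed in $fixed)"; rc=0
        else
            echo "$pkg $ver: VULNERABLE (fixed in $fixed)"
            echo "run: sudo apt-get update && sudo apt-get install --only-upgrade $pkg"
            return 1
        fi
    done
    return $rc
}

# Run the host check only when asked: sh check_sudo.sh check
if [ "${1:-}" = "check" ]; then check_host; fi
```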



  1.   They are DeJesus said

    Whoops!

  2.   Rodolfo said

    I am an illustrious Linux and Ubuntu initiate, how do I update SUDO?
    Thank you very much in advance to whoever responds.
    Rodolfo

    1.    The Helper Magnus said

      Updating the system normally

    2.    George said

      Dash / Dashboard (Windows key)> Software update and then restart.

      Greetings from Perillo (Oleiros) - A Coruña

  3.   Alberto Saez said

    I come to ask the same thing from a few days ago, plus one more thing that I can't see. I'm starting out with Linux, little by little, reading forums, blogs, and so on.

    1. How do I update only one program or package? I understand that with
    $ sudo apt-get update && sudo apt-get upgrade
    the whole system is updated, but what if I want to update only Firefox? I assume this is how SUDO is updated, right?

    2. How to view the version of any program or package on the console? They say 1.8.16-0ubuntu1.4 on Ubuntu 16.04 LTS but I have absolutely no idea which one is mine.

    Best regards