Canonical today released a security report to inform users of Ubuntu operating systems that a recent Sudo vulnerability (number CVE-2017-1000367) in all supported versions.
According to the security report USN-3304-1 Ubuntu, it appears that this new security vulnerability affects Ubuntu 17.04 (Zesty Zapus), Ubuntu 16.10 (Yakkety Yak), Ubuntu 16.04 LTS (Xenial Xerus) and Ubuntu 14.04 LTS (Trusty Tahr) platforms, as well as all platforms. Derivative distributions, including Kubuntu, Xubuntu, Lubuntu, Ubuntu GNOME, etc.
This vulnerability was discovered in the Sudo component, an open source software that allows users to run programs with the security privileges of another user, such as an administrator. However, Sudo was incorrectly parsing the contents of / proc / [pid] / stat, which could have been exploited by a local attacker to overwrite the files as a system administrator.
“Sudo has been found to not correctly parse the contents of / proc / [pid] / stat when trying to determine its main tty. A local attacker could use this flaw to overwrite any file on the system, bypassing the proper permissions ”, says the security advisory.
All users must update their systems immediately
Sudo is a very important component of UNIX operating systems, so everyone should update their platforms as soon as possible to the new versions of sudo provided by Canonical in the stable Ubuntu software repositories.
In other words, you have to update both the sudo package and the sudo-ldap package to version 1.8.19p1-1ubuntu1.1 in Ubuntu 17.04, 1.8.16-0ubuntu3.2 in Ubuntu 16.10, 1.8.16-0ubuntu1.4 in Ubuntu 16.04 LTS, already version 1.8.9p5-1ubuntu1.4 in Ubuntu 14.04 LTS.
Don't forget to reboot your system after installing the new version of sudo, but make sure to update as soon as possible.
Whoops!
I am an illustrious Linux and Ubuntu initiate, how do I update SUDO?
SINCE already thank you very much for whoever responds to me.
Rodolfo
Updating the system normally
Dash / Dashboard (Windows key)> Software update and then restart.
Greetings from Perillo (Oleiros) - A Coruña
I come to ask both the same thing from a few days ago as one more thing that I can't see, I'm starting with Linux, little by little reading from forums, blogs, anyway.
1. How do I update only one program or package? I understand that with
$ sudo apt-get update && sudo apt-get upgrade is updated but the whole system, how would I want to update only Firefox? I assume this is how SUDO updates, right?
2. How to view the version of any program or package on the console? They say 1.8.16-0ubuntu1.4 on Ubuntu 16.04 LTS but I have absolutely no idea which one is mine.
Best regards