News

=========================================================== Ubuntu Security Notice USN-142-1 June 21, 2005 sudo vulnerability CAN-2005-1993 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: sudo The problem can be corrected by upgrading the affected package to version 1.6.7p5-1ubuntu4.2 (for Ubuntu 4.10), or 1.6.8p5-1ubuntu2.1 (for Ubuntu 5.04). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Charles Morris discovered a race condition in sudo which could lead to privilege escalation. If /etc/sudoers allowed a user the execution of selected programs, and this was followed by another line containing the pseudo-command "ALL", that user could execute arbitrary commands with sudo by creating symbolic links at a certain time. Please note that this does not affect a standard Ubuntu installation.