==========================================================================
Ubuntu Security Notice USN-4154-1
October 14, 2019
sudo vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
Sudo could be made to run commands as root if it were called with
a specially crafted user ID.
Software Description:
- sudo: Provide limited super user privileges to specific users
Details:
Joe Vennix discovered that Sudo incorrectly handled
certain user IDs. An attacker could potentially exploit this
to execute arbitrary commands as the root user.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
  sudo                            1.8.27-1ubuntu1.1
  sudo-ldap                       1.8.27-1ubuntu1.1
Ubuntu 18.04 LTS:
  sudo                            1.8.21p2-3ubuntu1.1
  sudo-ldap                       1.8.21p2-3ubuntu1.1
Ubuntu 16.04 LTS:
  sudo                            1.8.16-0ubuntu1.8
  sudo-ldap                       1.8.16-0ubuntu1.8
Ubuntu 14.04 ESM:
  sudo                            1.8.9p5-1ubuntu1.5+esm2
  sudo-ldap                       1.8.9p5-1ubuntu1.5+esm2
Ubuntu 12.04 ESM:
  sudo                            1.8.3p1-1ubuntu3.8
  sudo-ldap                       1.8.3p1-1ubuntu3.8
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4154-1
CVE-2019-14287
Package Information:
https://launchpad.net/ubuntu/+source/sudo/1.8.27-1ubuntu1.1
https://launchpad.net/ubuntu/+source/sudo/1.8.21p2-3ubuntu1.1
https://launchpad.net/ubuntu/+source/sudo/1.8.16-0ubuntu1.8