Ubuntu 1046-1: Sudo vulnerability
Summary
Update Instructions
References
Package Information
==========================================================Ubuntu Security Notice USN-1046-1 January 20, 2011 sudo vulnerability CVE-2011-0010 ========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.10: sudo 1.7.0-1ubuntu2.6 sudo-ldap 1.7.0-1ubuntu2.6 Ubuntu 10.04 LTS: sudo 1.7.2p1-1ubuntu5.3 sudo-ldap 1.7.2p1-1ubuntu5.3 Ubuntu 10.10: sudo 1.7.2p7-1ubuntu2.1 sudo-ldap 1.7.2p7-1ubuntu2.1 In general, a standard system update will make all the necessary changes. Details follow: Alexander Kurtz discovered that sudo would not prompt for a password when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as the specified group if sudo was configured to allow the attacker to use a program as this group. The group Runas_Spec is not used in the default installation of Ubuntu. Updated packages for Ubuntu 9.10: Source archives: Size/MD5: 26877 0a131d32d3d6cb4810b95ba5421346b6 Size/MD5: 1757 41c6991abbfea6b7cbe6708ab07d2186 Size/MD5: 744311 5fd96bba35fe29b464f7aa6ad255f0a6 amd64 architecture (Athlon64, Opteron, EM64T Xeon): Size/MD5: 311418 4e20db9f0d9d3da2d0c4bad38da97879 Size/MD5: 335378 21dab3619780413d5cbe250d707b3fc0 i386 architecture (x86 compatible Intel/AMD): Size/MD5: 298826 ebb28d4fa3e93002d1d28d39cb4fdedb Size/MD5: 320354 42f7b6769bc1d7e48cb7076ea3c76a48 armel architecture (ARM Architecture): Size/MD5: 297674 a9a685e1a467013faf4cc2d17a8bb51a Size/MD5: 319706 79b5f034456f5f30f6e2794754da3983 lpia architecture (Low Power Intel Architecture): Size/MD5: 298850 4bf9a03f1475d941e127af7332760354 Size/MD5: 320656 880c1c635f7d97878cf4959db30bb215 powerpc architecture (Apple Macintosh G3/G4/G5): Size/MD5: 306898 7fbebd6a32691c8187043c3e448b1441 Size/MD5: 329952 035a583e9c71f4b0c541b4471d7a23dd sparc architecture (Sun SPARC/UltraSPARC): Size/MD5: 302552 c51154d40cd999580d1e0684bf4724bc Size/MD5: 324594 c860cd6176d7a3769d484d85a9c05e0f Updated packages for Ubuntu 10.04 LTS: Source archives: Size/MD5: 27664 1d366b7edf66dcb6ab3a0aef6543677b Size/MD5: 1771 0254600b76a959ce7f4751487e8aba1c Size/MD5: 771059 4449d466a774f5ce401c9c0e3866c026 amd64 architecture (Athlon64, Opteron, EM64T Xeon): Size/MD5: 327346 8ceaa2caa94f32bbb48687dcbf83e1d0 Size/MD5: 351152 70927e8cc9fea948aa31fe27a0870a9e i386 architecture (x86 compatible Intel/AMD): Size/MD5: 311848 f9b82d11e5773a77150cc6f48c45c20f Size/MD5: 334294 a4a5e1ec0a6680c9c7804de9ddee0098 armel architecture (ARM Architecture): Size/MD5: 306620 6344b4adc273990b62a2f41eec2785d3 Size/MD5: 329590 2c3b34db34f64c970f9b7c2efc39d453 powerpc architecture (Apple Macintosh G3/G4/G5): Size/MD5: 321892 447bbfffca308ac1b3fed6521b39bfc9 Size/MD5: 345714 dcc31787b19ddaf43ed387367853d353 sparc architecture (Sun SPARC/UltraSPARC): Size/MD5: 319240 37e0e3552e429346121219e86a96bb0e Size/MD5: 342374 8bfec5685fd75afd7b1b5607635b412b Updated packages for Ubuntu 10.10: Source archives: Size/MD5: 29268 fa37ae644d44ac952b7b2f354fb15734 Size/MD5: 1797 b8aaf3f8081f86a24adc76705a0707e4 Size/MD5: 772356 3ac78668427a53e12d7639fdfab2f1af amd64 architecture (Athlon64, Opteron, EM64T Xeon): Size/MD5: 329962 19af3393ae15f16f63140beca6044ecd Size/MD5: 353426 f84c71db0a392a6ac392d35c1bdbd3df i386 architecture (x86 compatible Intel/AMD): Size/MD5: 314850 c6635045fd7e48b3a47b64e4cba7eb78 Size/MD5: 336478 09f5c3d7ddc1cea3e9eb6e74c8590df1 armel architecture (ARM Architecture): Size/MD5: 314332 bdc71a8677516031b8275c50d9871032 Size/MD5: 336878 c55d7851cc45cdcdeba3eb626b0a6553 powerpc architecture (Apple Macintosh G3/G4/G5): Size/MD5: 324918 af6829a76e25f55df562ba2e4c2e595c Size/MD5: 348046 75310ccb4b4a8e7571b947e131af42c4