Ubuntu 928-1: Sudo vulnerability
Summary
Update Instructions
References
Package Information
==========================================================Ubuntu Security Notice USN-928-1 April 15, 2010 sudo vulnerability https://launchpad.net/bugs/563963 ========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: sudo 1.6.8p12-1ubuntu6.2 sudo-ldap 1.6.8p12-1ubuntu6.2 Ubuntu 8.04 LTS: sudo 1.6.9p10-1ubuntu3.7 sudo-ldap 1.6.9p10-1ubuntu3.7 Ubuntu 8.10: sudo 1.6.9p17-1ubuntu2.3 sudo-ldap 1.6.9p17-1ubuntu2.3 Ubuntu 9.04: sudo 1.6.9p17-1ubuntu3.2 sudo-ldap 1.6.9p17-1ubuntu3.2 Ubuntu 9.10: sudo 1.7.0-1ubuntu2.2 sudo-ldap 1.7.0-1ubuntu2.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Valerio Costamagna discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command when the PATH contained only a dot ('.'). If secure_path and ignore_dot were disabled, a local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. By default, secure_path is used and the sudoedit pseudo-command is not used in Ubuntu. This is a different but related issue to CVE-2010-0426. Updated packages for Ubuntu 6.06 LTS: Source archives: Size/MD5: 36735 c7e6e0987a98c0039c7367e55be06b77 Size/MD5: 618 cee46b55595f3a4417831ca93a413a57 Size/MD5: 585643 b29893c06192df6230dd5f340f3badf5 amd64 architecture (Athlon64, Opteron, EM64T Xeon): Size/MD5: 177410 81101533cbcef2f0e124a629309ba736 Size/MD5: 189300 929042e125a96fb9f9d07121a2ab0d87 i386 architecture (x86 compatible Intel/AMD): Size/MD5: 162998 7394076ea85b56f928622b7241ff5da4 Size/MD5: 174410 31f17e264d588a418772b2553b588983 powerpc architecture (Apple Macintosh G3/G4/G5): Size/MD5: 171604 7655e64f2b75c14638a64b4b343e9fe6 Size/MD5: 183772 3d1cb111899646f7eb0d392ff33c4d22 sparc architecture (Sun SPARC/UltraSPARC): Size/MD5: 167692 4be5d3e92d8ea5334b6e84835683a2c1 Size/MD5: 180246 3fa1cb8b677210e2c74090b9b35c8206 Updated packages for Ubuntu 8.04 LTS: Source archives: Size/MD5: 29618 7567e0be6446f17b254221b739c07996 Size/MD5: 702 07693cd03ca8e11d8af469148bfa18c2 Size/MD5: 579302 16db2a1213159a1fac8239eab58108f5 amd64 architecture (Athlon64, Opteron, EM64T Xeon): Size/MD5: 188426 8bebb97bd861d824b370f528d74638b0 Size/MD5: 200104 bda49af159988c625cc8540389a542e6 i386 architecture (x86 compatible Intel/AMD): Size/MD5: 176658 2ef5c88a84bfefc024de8c98522c547e Size/MD5: 187508 f9809828e32255a635051f2bf2fd52e3 lpia architecture (Low Power Intel Architecture): Size/MD5: 177722 5ade363457ea20b36843aec86c43e6ec Size/MD5: 188506 07007824b823228ab9e3cb71d9c3d1b8 powerpc architecture (Apple Macintosh G3/G4/G5): Size/MD5: 188648 745940413991a88100764e10329fc200 Size/MD5: 202516 64131bfedf6b879abae928de17709847 sparc architecture (Sun SPARC/UltraSPARC): Size/MD5: 182610 2b4d2e4d66ae5a98d81b20ec068e06ca Size/MD5: 193706 aa4d90f564809d2c52c409ee08f7ec7d Updated packages for Ubuntu 8.10: Source archives: Size/MD5: 26703 53450aae72fd4ff5ef1b67bdb7aa0810 Size/MD5: 1098 92f13b0ab92f0288622c34089570390c Size/MD5: 593534 60daf18f28e2c1eb7641c4408e244110 amd64 architecture (Athlon64, Opteron, EM64T Xeon): Size/MD5: 191376 01e4d7cca5da5d736e375a5d653be2f6 Size/MD5: 202366 c5ed35feb2c9d7c1ea115610e8500662 i386 architecture (x86 compatible Intel/AMD): Size/MD5: 179492 70490bcbb5a3e7950e31c2493754a94f Size/MD5: 188950 de9624a340c588706b912d091a29395a lpia architecture (Low Power Intel Architecture): Size/MD5: 180568 aa481c3c998a882ec39ff624a17c470b Size/MD5: 189796 3110116a57d79f31075c1747b5fdc998 powerpc architecture (Apple Macintosh G3/G4/G5): Size/MD5: 188868 ed1514de1313f0fd81b6c252cacc65dc Size/MD5: 201376 efd41e0313475db360a1f48d6359c632 sparc architecture (Sun SPARC/UltraSPARC): Size/MD5: 184318 fd96f1f61d6b3d0c26bed40784beaeda Size/MD5: 194048 5ee93d6e457b541fb4ac89e0bd059820 Updated packages for Ubuntu 9.04: Source archives: Size/MD5: 26708 75f28b3212a9d34a3c1ea84e8dc421de Size/MD5: 1098 82922ad2f30bdc41b29192335f28f084 Size/MD5: 593534 60daf18f28e2c1eb7641c4408e244110 amd64 architecture (Athlon64, Opteron, EM64T Xeon): Size/MD5: 191362 e2c3970a3358d127cb5482749e48cc13 Size/MD5: 202358 44f639898ae4f40527f8627468c1988a i386 architecture (x86 compatible Intel/AMD): Size/MD5: 179514 47fbc07f6827ecc074e3dc6e59328fa7 Size/MD5: 188976 1058bce621e5f89a951cae5e0f59fce8 lpia architecture (Low Power Intel Architecture): Size/MD5: 180604 ba821107abd87a9fb846db64ad81dc86 Size/MD5: 189826 9bd642aa06abe3a56cb38ae624f18c95 powerpc architecture (Apple Macintosh G3/G4/G5): Size/MD5: 188868 294ef55b0a3f5b3880d54e3130bac961 Size/MD5: 201382 4acdc25ff7a93ced1a514697bcf2546b sparc architecture (Sun SPARC/UltraSPARC): Size/MD5: 184224 107e2c84d28f90073a71d7d45e6dabe2 Size/MD5: 193928 d283f60b4cf782e724309528a5c37c1f Updated packages for Ubuntu 9.10: Source archives: Size/MD5: 23991 d7ed14666b7725c1c90ee5373e6b493b Size/MD5: 1117 90f89205701115986ad94c234fec88de Size/MD5: 744311 5fd96bba35fe29b464f7aa6ad255f0a6 amd64 architecture (Athlon64, Opteron, EM64T Xeon): Size/MD5: 310330 f7ed720332dc09e94f3caeb5cfd61a23 Size/MD5: 334118 6b5c29f330189dc0c96e90a8c724114e i386 architecture (x86 compatible Intel/AMD): Size/MD5: 297788 275954f47eee1e3070a6ed4a8f88a44a Size/MD5: 319396 5b0df976b974fb357dcc96b9eba19a84 lpia architecture (Low Power Intel Architecture): Size/MD5: 298004 a6fc0c417840fe291f4850c2902c5157 Size/MD5: 319820 12199da9bf6a388eaf395a009f7b1025 powerpc architecture (Apple Macintosh G3/G4/G5): Size/MD5: 306012 72df477368ee2b5b88d10bf3f4a04130 Size/MD5: 328996 e9a0fb7fcdfea28faa433472f77b50d1 sparc architecture (Sun SPARC/UltraSPARC): Size/MD5: 301610 ed2dc9787c8c3c523fc384668e8ee498 Size/MD5: 323674 16f40c45f8ad7679606c5559aba18b70