Ubuntu Security Notice 5908-1 - It was discovered that Sudo incorrectly handled the per-command chroot feature. In certain environments where Sudo is configured with a rule that contains a CHROOT setting, a local attacker could use this issue to cause Sudo to crash, resulting in a denial of service, or possibly escalate privileges.
90ddc8329e98cbd51c9da46d05351fd46b7745f58c4e7d49d275744e04336195==========================================================================
Ubuntu Security Notice USN-5908-1
March 02, 2023
sudo vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
Summary:
Sudo could be made to crash or escalate privileges.
Software Description:
- sudo: Provide limited super user privileges to specific users
Details:
It was discovered that Sudo incorrectly handled the per-command chroot
feature. In certain environments where Sudo is configured with a rule that
contains a CHROOT setting, a local attacker could use this issue to cause
Sudo to crash, resulting in a denial of service, or possibly escalate
privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
sudo 1.9.11p3-1ubuntu1.2
sudo-ldap 1.9.11p3-1ubuntu1.2
Ubuntu 22.04 LTS:
sudo 1.9.9-1ubuntu2.3
sudo-ldap 1.9.9-1ubuntu2.3
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5908-1
CVE-2023-27320
Package Information:
https://launchpad.net/ubuntu/+source/sudo/1.9.11p3-1ubuntu1.2
https://launchpad.net/ubuntu/+source/sudo/1.9.9-1ubuntu2.3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed