Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 14.04 ESM: USN-3968-3 Critical: Sudo Arbitrary Command Execution

ubuntu
Calendar Grey September 28, 2020
Dist Ubuntu Esm H88
Ubuntu Security Announcement USN-3969-4 addresses recent Sudo weaknesses and offers crucial update guidelines.
Several security issues were fixed in Sudo.

Summary

Several security issues were fixed in Sudo.

Software Description:

- sudo: Provide limited super user privileges to specific users

Details:

USN-3968-1 fixed several vulnerabilities in Sudo. This update provides

the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

Florian Weimer discovered that Sudo incorrectly handled the noexec

restriction when used with certain applications. A local attacker could

possibly use this issue to bypass configured restrictions and execute

arbitrary commands. (CVE-2016-7076, CVE-2016-7032)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  sudo                            1.8.9p5-1ubuntu1.5+esm5
  sudo-ldap                       1.8.9p5-1ubuntu1.5+esm5

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3968-3

https://ubuntu.com/security/notices/USN-3968-1

CVE-2016-7032, CVE-2016-7076

Severity
critical
Lowest
Low
Medium
High
Critical

September 28, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here