Alerts This Week
Warning Icon 1 483
Alerts This Week
Warning Icon 1 483

Ubuntu 16.04 ESM: USN-5811-2 Moderate: Sudo File Edit Threat Analysis

ubuntu
Calendar Grey January 18, 2023
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-5820-3 pertains to a potential flaw in the sudo utility that might enable unauthorized file modifications through specially designed inputs.
Sudo could be made to possibly edit arbitrary files if it received a specially crafted input.

Summary

Sudo could be made to possibly edit arbitrary files

if it received a specially crafted input.

Software Description:

- sudo: Provide limited super user privileges to specific users

Details:

USN-5811-1 fixed a vulnerability in Sudo. This update provides

the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly

handled user-specified editors when using the sudoedit command. A local

attacker that has permission to use the sudoedit command could possibly use

this issue to edit arbitrary files. (CVE-2023-22809)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 ESM:
  sudo                            1.8.16-0ubuntu1.10+esm1
  sudo-ldap                       1.8.16-0ubuntu1.10+esm1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5811-2

https://ubuntu.com/security/notices/USN-5811-1

CVE-2023-22809

January 18, 2023

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here