Alerts This Week
Warning Icon 1 774
Alerts This Week
Warning Icon 1 774

Ubuntu 25.10: Security Advisory USN-7867-1 for rust-sudo-rs Critical Issues

ubuntu
Calendar Grey November 10, 2025
Dist Ubuntu Esm H88
Several security issues fixed in rust-sudo-rs for Ubuntu 25.10, ensuring improved password handling and authentication.
Several security issues were fixed in sudo-rs.

Summary

Several security issues were fixed in sudo-rs.

Software Description:

- rust-sudo-rs: Rust-based sudo and su implementations

Details:

It was discovered that sudo-rs incorrectly handled passwords when timeouts

occurred and the pwfeedback default was not set. This could result in a

partially typed password being output to standard input, contrary to

expectations.

It was discovered that sudo-rs incorrectly handled the targetpw and rootpw

default settings when creating timestamp files. A local attacker could

possibly use this issue to bypass authentication in certain configurations.

Topics%20covered

Topics Covered

security advisory critical Ubuntu authentication bypass password handling sudo-rs

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  sudo-rs                         0.2.8-1ubuntu5.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7867-1

https://bugs.launchpad.net/ubuntu/+source/rust-sudo-rs/+bug/2130623

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7867-1

Topics%20covered

Topics Covered

security advisory critical Ubuntu authentication bypass password handling sudo-rs

Package Information

https://launchpad.net/ubuntu/+source/rust-sudo-rs/0.2.8-1ubuntu5.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here