Ubuntu Security Notice USN-5908-1

Ubuntu Security Notice 5908-1 - It was discovered that Sudo incorrectly handled the per-command chroot feature. In certain environments where Sudo is configured with a rule that contains a CHROOT setting, a local attacker could use this issue to cause Sudo to crash, resulting in a denial of service, or possibly escalate privileges.

Packet Storm
#vulnerability#ubuntu#dos#ldap
==========================================================================
Ubuntu Security Notice USN-5908-1
March 02, 2023

sudo vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS

Summary:

Sudo could be made to crash or escalate privileges.

Software Description:
- sudo: Provide limited super user privileges to specific users

Details:

It was discovered that Sudo incorrectly handled the per-command chroot
feature. In certain environments where Sudo is configured with a rule that
contains a CHROOT setting, a local attacker could use this issue to cause
Sudo to crash, resulting in a denial of service, or possibly escalate
privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
   sudo                            1.9.11p3-1ubuntu1.2
   sudo-ldap                       1.9.11p3-1ubuntu1.2

Ubuntu 22.04 LTS:
   sudo                            1.9.9-1ubuntu2.3
   sudo-ldap                       1.9.9-1ubuntu2.3

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-5908-1
   CVE-2023-27320

Package Information:
   https://launchpad.net/ubuntu/+source/sudo/1.9.11p3-1ubuntu1.2
   https://launchpad.net/ubuntu/+source/sudo/1.9.9-1ubuntu2.3
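A host can be triaged against this notice by comparing the installed package with the fixed versions listed above and by looking for sudoers rules that carry a CHROOT setting. The script below is an added example, not part of the notice; the function names, the triage wrapper and the sample sudoers lines are constructed for illustration, and the version check assumes a dpkg-based system.

```shell
# Added example, not part of the notice: triage a host against USN-5908-1.

# Fixed package version per Ubuntu release, copied from the notice.
fixed_version_for() {
    case "$1" in
        22.10) echo "1.9.11p3-1ubuntu1.2" ;;
        22.04) echo "1.9.9-1ubuntu2.3" ;;
        *)     return 1 ;;              # release not covered by this notice
    esac
}

# Succeeds when INSTALLED >= FIXED under Debian version ordering (needs dpkg).
is_patched() {
    dpkg --compare-versions "$1" ge "$2"
}

# Print "file:line:text" for each active sudoers line with a per-command
# CHROOT= setting. Lines starting with '#' are skipped, include directives too,
# so included files must be passed explicitly.
chroot_rules() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v f="$f" '
            /^[ \t]*#/ { next }
            /(^|[^A-Za-z0-9_])CHROOT=/ { printf "%s:%d:%s\n", f, NR, $0 }
        ' "$f"
    done
}

# Hypothetical wrapper: check both packages from the notice for one release.
triage() {
    fixed=$(fixed_version_for "$1") || { echo "release $1 not in notice"; return 2; }
    for pkg in sudo sudo-ldap; do
        inst=$(dpkg-query -W -f='${Version}' "$pkg" 2>/dev/null) || continue
        is_patched "$inst" "$fixed" && echo "$pkg $inst: patched" \
            || echo "$pkg $inst: below fixed version $fixed"
    done
    chroot_rules /etc/sudoers /etc/sudoers.d/*
}

# Constructed sample sudoers content, used to exercise chroot_rules offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# CHROOT=/ignored appears only in a comment
alice ALL=(root) CHROOT=/srv/jail /usr/bin/id
bob   ALL=(ALL) /usr/bin/systemctl restart nginx
EOF
chroot_rules "$sample"
```

On a real host, run `triage 22.04` (or `22.10`) as a user who can read the sudoers files. Rules served to sudo-ldap from a directory are not covered by this file scan.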

Related news

Gentoo Linux Security Advisory 202309-12

Gentoo Linux Security Advisory 202309-12 - Multiple vulnerabilities have been found in sudo, the worst of which can result in root privilege escalation. Versions greater than or equal to 1.9.13_p2 are affected.

CVE-2023-32463: DSA-2023-200: Security Update for Dell VxRail for Multiple Third-Party Component Vulnerabilities

Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.