{"id":2962,"date":"2017-05-31T09:50:16","date_gmt":"2017-05-31T07:50:16","guid":{"rendered":"http:\/\/borncity.com\/win\/?p=2962"},"modified":"2022-10-02T01:28:27","modified_gmt":"2022-10-01T23:28:27","slug":"ubuntu-patch-for-sudo-vulnerability","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2017\/05\/31\/ubuntu-patch-for-sudo-vulnerability\/","title":{"rendered":"Ubuntu: Patch for sudo vulnerability"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"http:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/11\/Linux.jpg\" width=\"64\" align=\"left\" height=\"76\">Cannonical has released a critical security update for Ubuntu 17.04 (Zesty Zapus), Ubuntu 16.10 (Yakkety Yak), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 LTS (Trusty Tahr).<\/p>\n<p><!--more--><\/p>\n<p>Ubuntu's sudo command contains a critical vulnerability <a href=\"https:\/\/people.canonical.com\/~ubuntu-security\/cve\/2017\/CVE-2017-1000367.html\" target=\"_blank\" rel=\"noopener\">CVE-2017-1000367<\/a>, which affects the these releases of Ubuntu and its derivatives: <\/p>\n<ul>\n<li>Ubuntu 17.04 <\/li>\n<li>Ubuntu 16.10<\/li>\n<li>Ubuntu 16.04 LTS<\/li>\n<li>Ubuntu 14.04 LTS<\/li>\n<\/ul>\n<p>It was discovered that Sudo did not properly parse the contents of \/proc\/[pid]\/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the file system, bypassing intended permissions. Cannonical has issued a <a href=\"https:\/\/lists.ubuntu.com\/archives\/ubuntu-security-announce\/2017-May\/003878.html\" target=\"_blank\" rel=\"noopener\">security bulletin<\/a>, detailing the issue and offers updates. (<a href=\"https:\/\/web.archive.org\/web\/20220922120324\/https:\/\/news.softpedia.com\/news\/sudo-vulnerability-patched-in-all-supported-ubuntu-linux-releases-update-now-516150.shtml\" target=\"_blank\" rel=\"noopener\">via<\/a>)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cannonical has released a critical security update for Ubuntu 17.04 (Zesty Zapus), Ubuntu 16.10 (Yakkety Yak), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 LTS (Trusty Tahr).<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,22],"tags":[69,112],"class_list":["post-2962","post","type-post","status-publish","format-standard","hentry","category-security","category-update","tag-security","tag-ubuntu"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/2962","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=2962"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/2962\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=2962"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=2962"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=2962"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}