Content-Disposition: inline ==========================================================================Ubuntu Security Notice USN-1442-1 May 16, 2012 sudo vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: Sudo could allow users to run arbitrary programs as the administrator. Software Description: - sudo: Provide limited super user privileges to specific users Details: It was discovered that sudo incorrectly handled network masks when using Host and Host_List. A local user who is listed in sudoers may be allowed to run commands on unintended hosts when IPv4 network masks are used to grant access. A local attacker could exploit this to bypass intended access restrictions. Host and Host_List are not used in the default installation of Ubuntu. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: sudo 1.8.3p1-1ubuntu3.2 sudo-ldap 1.8.3p1-1ubuntu3.2 Ubuntu 11.10: sudo 1.7.4p6-1ubuntu2.1 sudo-ldap 1.7.4p6-1ubuntu2.1 Ubuntu 11.04: sudo 1.7.4p4-5ubuntu7.2 sudo-ldap 1.7.4p4-5ubuntu7.2 Ubuntu 10.04 LTS: sudo 1.7.2p1-1ubuntu5.4 sudo-ldap 1.7.2p1-1ubuntu5.4 Ubuntu 8.04 LTS: sudo 1.6.9p10-1ubuntu3.9 sudo-ldap 1.6.9p10-1ubuntu3.9 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1442-1 CVE-2012-2337 Package Information: https://launchpad.net/ubuntu/+source/sudo/1.8.3p1-1ubuntu3.2 https://launchpad.net/ubuntu/+source/sudo/1.7.4p6-1ubuntu2.1 https://launchpad.net/ubuntu/+source/sudo/1.7.4p4-5ubuntu7.2 https://launchpad.net/ubuntu/+source/sudo/1.7.2p1-1ubuntu5.4 https://launchpad.net/ubuntu/+source/sudo/1.6.9p10-1ubuntu3.9