========================================================================== Ubuntu Security Notice USN-3304-1 May 30, 2017 sudo vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 17.04 - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Sudo could be made to overwrite files as the administrator. Software Description: - sudo: Provide limited super user privileges to specific users Details: It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 17.04: sudo 1.8.19p1-1ubuntu1.1 sudo-ldap 1.8.19p1-1ubuntu1.1 Ubuntu 16.10: sudo 1.8.16-0ubuntu3.2 sudo-ldap 1.8.16-0ubuntu3.2 Ubuntu 16.04 LTS: sudo 1.8.16-0ubuntu1.4 sudo-ldap 1.8.16-0ubuntu1.4 Ubuntu 14.04 LTS: sudo 1.8.9p5-1ubuntu1.4 sudo-ldap 1.8.9p5-1ubuntu1.4 In general, a standard system update will make all the necessary changes. References: https://www.ubuntu.com/usn/usn-3304-1 CVE-2017-1000367 Package Information: https://launchpad.net/ubuntu/+source/sudo/1.8.19p1-1ubuntu1.1 https://launchpad.net/ubuntu/+source/sudo/1.8.16-0ubuntu3.2 https://launchpad.net/ubuntu/+source/sudo/1.8.16-0ubuntu1.4 https://launchpad.net/ubuntu/+source/sudo/1.8.9p5-1ubuntu1.4