You are Here:
Linux Lite 6.6 FINAL Released - Support for 22 Languages Added - See Release Announcement Section



SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x

Author (Read 8591 times)

0 Members and 1 Guest are viewing this topic.

Re: SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x
« Reply #8 on: June 02, 2017, 05:15:04 PM »
 

bitsnpcs

  • Platinum Level Poster
  • **********
  • 3237
    Posts
  • Reputation: 305
    • View Profile
    • Try to Grow

  • Kernel: 4.x
Thank you Jerry  :)
I have checked and it is the version you specified.
When running Menu>Favorites>Install Updates there was an update for sudo.
 

Re: SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x
« Reply #7 on: June 02, 2017, 04:26:45 PM »
 

bluzeo

  • Linux Magazine writer
  • PayPal Supporter
  • Forum Regular
  • *****
  • 235
    Posts
  • Reputation: 45
  • Linux Lite Member
    • View Profile

  • CPU: Amd 8 core

  • MEMORY: 16Gb

  • VIDEO CARD: GT 210
Hmmm. So don't do it in the. Terminal??? Gotch ya


God not dead! He roaring like an Lion.
hey guys im Bluzeo and Linux Lite user that got his own open source company!
 

Re: SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x
« Reply #6 on: June 02, 2017, 03:52:23 AM »
 

Jocklad

  • Banned
  • Gold Level Poster
  • *******
  • 508
    Posts
  • Reputation: 67
  • Linux Lite Member
    • View Profile

  • MEMORY: 8Gb
Checked and all good on LL 3.4x64  :)
 

Re: SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x
« Reply #5 on: June 02, 2017, 03:35:04 AM »
 

TMG1961

  • PayPal Supporter
  • Gold Level Poster
  • *****
  • 591
    Posts
  • Reputation: 90
  • Linux Lite Member
    • View Profile

  • CPU: Intel(R) Core(TM) i3-7020U

  • MEMORY: 8Gb

  • VIDEO CARD: Intel(R) HD Graphics 620

  • Kernel: 5.x
@TMG1961 left them out.

thanks...thought i had some special thingy going in here. glad to hear all is fine.
Life on earth is expensive but it does include a free trip around the sun.
 

Re: SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x
« Reply #4 on: June 02, 2017, 03:32:21 AM »
 

Jerry

  • Linux Lite Creator
  • Administrator
  • Platinum Level Poster
  • *****
  • 8775
    Posts
  • Reputation: 801
  • Linux Lite Member
    • View Profile
    • Linux Lite OS

  • CPU: Intel Core i9-10850K CPU @ 3.60GHz

  • MEMORY: 32Gb

  • VIDEO CARD: nVidia GeForce GTX 1650

  • Kernel: 5.x
@TMG1961 left them out.
 

Re: SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x
« Reply #3 on: June 02, 2017, 03:25:37 AM »
 

TMG1961

  • PayPal Supporter
  • Gold Level Poster
  • *****
  • 591
    Posts
  • Reputation: 90
  • Linux Lite Member
    • View Profile

  • CPU: Intel(R) Core(TM) i3-7020U

  • MEMORY: 8Gb

  • VIDEO CARD: Intel(R) HD Graphics 620

  • Kernel: 5.x
Thanks Jerry. This my outcome. Just wondering why i have some extra lines. Or did you just leave them out?

Code: [Select]
theo@Lenovo-B50-30:~$ apt policy sudo
sudo:
  Geïnstalleerd: 1.8.16-0ubuntu1.4
  Kandidaat:     1.8.16-0ubuntu1.4
  Versietabel:
 *** 1.8.16-0ubuntu1.4 500
        500 http://ftp.tudelft.nl/archive.ubuntu.com xenial-updates/main amd64 Packages
        500 http://ftp.tudelft.nl/archive.ubuntu.com xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1.8.16-0ubuntu1 500
        500 http://ftp.tudelft.nl/archive.ubuntu.com xenial/main amd64 Packages
theo@Lenovo-B50-30:~$
Life on earth is expensive but it does include a free trip around the sun.
 

Re: SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x
« Reply #2 on: June 02, 2017, 12:32:54 AM »
 

bluzeo

  • Linux Magazine writer
  • PayPal Supporter
  • Forum Regular
  • *****
  • 235
    Posts
  • Reputation: 45
  • Linux Lite Member
    • View Profile

  • CPU: Amd 8 core

  • MEMORY: 16Gb

  • VIDEO CARD: GT 210
this had to happen when im  not even near my rig... ill do asap...

Sent from my SAMSUNG-SM-G920A using Tapatalk

hey guys im Bluzeo and Linux Lite user that got his own open source company!
 

SUDO Flaw CVE-2017-1000367 Series 2.x Series 3.x
« Reply #1 on: June 01, 2017, 11:19:40 PM »
 

Jerry

  • Linux Lite Creator
  • Administrator
  • Platinum Level Poster
  • *****
  • 8775
    Posts
  • Reputation: 801
  • Linux Lite Member
    • View Profile
    • Linux Lite OS

  • CPU: Intel Core i9-10850K CPU @ 3.60GHz

  • MEMORY: 32Gb

  • VIDEO CARD: nVidia GeForce GTX 1650

  • Kernel: 5.x
A high-severity vulnerability has been reported in Linux that could be exploited by a low privilege attacker to gain full root access on an affected system.
The vulnerability, identified as CVE-2017-1000367, was discovered by researchers at Qualys Security in Sudo's "get_process_ttyname()" function for Linux that could allow a user with Sudo privileges to run commands as root or elevate privileges to root.

1. Make sure to run Menu, Favorites, Install Updates.

2. Open a terminal:

Code: [Select]
apt policy sudo
should show the patched version for Series 3.x:

Code: [Select]
apt policy sudo
sudo:
  Installed: 1.8.16-0ubuntu1.4
  Candidate: 1.8.16-0ubuntu1.4

should show the patched version for Series 2.x:

Code: [Select]
apt policy sudo
sudo:
  Installed: 1.8.9p5-1ubuntu1.4
  Candidate: 1.8.9p5-1ubuntu1.4

Sources:

https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000367.html

http://thehackernews.com/2017/05/linux-sudo-root-hack.html
 

 

-->
X Close Ad

Linux Lite 6.6 FINAL Released - Support for 22 Languages Added - See Release Announcement Section