About Ubuntu

=========================================================== Ubuntu Security Notice USN-235-1 January 05, 2006 sudo vulnerability CVE-2005-4158 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: sudo The problem can be corrected by upgrading the affected package to version 1.6.7p5-1ubuntu4.4 (for Ubuntu 4.10), 1.6.8p5-1ubuntu2.3 (for Ubuntu 5.04), or 1.6.8p9-2ubuntu2.2 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Charles Morris discovered a privilege escalation vulnerability in sudo. On executing Perl scripts with sudo, various environment variables that affect Perl's library search path were not cleaned properly. If sudo is set up to grant limited sudo execution of Perl scripts to normal users, this could be exploited to run arbitrary commands as the target user. This security update also filters out environment variables that can be exploited similarly with Python, Ruby, and zsh scripts. Please note that this does not affect the default Ubuntu installation, or any setup that just grants full root privileges to certain users.