---

Debian and Ubuntu Patch Critical Sudo Security Vulnerability, Update Now

Discovered by Joe Vennix, the security vulnerability (CVE-2019-14287) could be exploited by an attacker to execute arbitrary commands as the root user (system administrator) because sudo incorrectly handled certain user IDs when it was configured to allow users to run commands as an arbitrary user through the ALL keyword in a Runas specification. Both the Debian Project and Canonical urge users to update their Debian GNU/Linux and Ubuntu systems as soon as possible to the new sudo version that’s patched against this security vulnerability and already available in the main software repositories of all supported Debian GNU/Linux and Ubuntu releases.