Affects Ubuntu 17.04, 16.10, 16.04 LTS and 14.04 LTS

May 30, 2017 23:52 GMT

Canonical published today a new security advisory to inform users of the Ubuntu Linux operating system series that a recent Sudo vulnerability (CVE-2017-1000367) was patched in all supported releases.

According to Ubuntu Security Notice USN-3304-1, it would appear that a security issue affects the Ubuntu 17.04 (Zesty Zapus), Ubuntu 16.10 (Yakkety Yak), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 14.04 LTS (Trusty Tahr) releases, as well as all official derivatives, including Kubuntu, Xubuntu, Lubuntu, Ubuntu GNOME, etc.

The vulnerability was discovered in the Sudo component, an open-source program that allows users to run programs with the security privileges of another user, such as root. Sudo incorrectly parsed the contents of /proc/[pid]/stat, which a local attacker could exploit to overwrite files as the system administrator.

"It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions," reads the security advisory.

All users are urged to update their systems immediately

Sudo is a critical component of any Unix-like operating system, so, as you might have guessed, you are urged to update your installation immediately to the new sudo versions that Canonical has published in the main stable software repositories of your Ubuntu Linux OS.

In other words, you need to update both the sudo and sudo-ldap packages to version 1.8.19p1-1ubuntu1.1 on Ubuntu 17.04, version 1.8.16-0ubuntu3.2 on Ubuntu 16.10, version 1.8.16-0ubuntu1.4 on Ubuntu 16.04 LTS, and version 1.8.9p5-1ubuntu1.4 on Ubuntu 14.04 LTS. You don't have to reboot your system after installing the new sudo version, but make sure you update as soon as possible!