Re: [PLUG] sudo flaw

Walt Mankowski via plug on 30 Sep 2025 10:52:17 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] sudo flaw

From: Walt Mankowski via plug <plug@lists.phillylinux.org>
To: plug@lists.phillylinux.org
Subject: Re: [PLUG] sudo flaw
Date: Tue, 30 Sep 2025 13:52:11 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; t=1759254733; x=1759341133; bh=4 DhpO2LpdF9spYAm4/oICZp5Bo5HLGSfRHScTjiXgFU=; b=IFvDkmE6kF9J2JgD6 KUSMlKokmZNXjhjbbv5KIsiEtHlxc4uZ2ETUyoor1y6h5SSjHr+c/MFbfLq4NZzW bjp73P6BLVoqQAkm6iE2JuE0o2OWK0LUVpKvPI+OEjOBonZwxVZAi9mwxVh3MwBF vIDMLyjNoPiUv67k0+E7QXouycZgSkmIRAgXHjAa0htcxhXe1gOPxLi7aNoV0jkX FeWrIP+QJcHx3bEnFlUq1qpPbeLcgn58Mx2UnRdOZN6nXEpokfETTeKd0BpnEaXg eMA7NkN4XpIOnTRqnEhwDpQVCRCun1ewVokzO57M4m2y9V6QsHxyJaJ+mhJSLVKm iCyeg==
Feedback-id: i4ab14970:Fastmail
Reply-to: Walt Mankowski <waltman@pobox.com>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Mutt/2.2.13 (2024-03-09)

Also interesting that there aren't any updates yet for Debian or Ubuntu.

On Tue, Sep 30, 2025 at 10:57:27AM -0400, K.S. Bhaskar via plug wrote:
> But interestingly, they have given till Oct 20 for Federal agencies to
> mitigate.
> 
> Regards
> - Bhaskar
> 
> On Tue, Sep 30, 2025 at 8:33 AM jeffv via plug <plug@lists.phillylinux.org>
> wrote:
> 
> > CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and
> > Unix Systems
> >
> >
> > https://thehackernews.com/2025/09/cisa-sounds-alarm-on-critical-sudo-flaw.html
> >
> > "Sudo contains an inclusion of functionality from an untrusted control
> > sphere vulnerability," CISA said. "This vulnerability could allow a
> > local attacker to leverage sudo's -R (--chroot) option to run arbitrary
> > commands as root, even if they are not listed in the sudoers file."
> >
> >
> > ___________________________________________________________________________
> > Philadelphia Linux Users Group         --
> > http://www.phillylinux.org
> > Announcements -
> > http://lists.phillylinux.org/mailman/listinfo/plug-announce
> > General Discussion  --
> > http://lists.phillylinux.org/mailman/listinfo/plug
> >

> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] sudo flaw
  - From: Chad Waters via plug <plug@lists.phillylinux.org>

References:
- [PLUG] sudo flaw
  - From: jeffv via plug <plug@lists.phillylinux.org>
- Re: [PLUG] sudo flaw
  - From: "K.S. Bhaskar via plug" <plug@lists.phillylinux.org>

Prev by Date: Re: [PLUG] sudo flaw
Next by Date: Re: [PLUG] sudo flaw
Previous by thread: Re: [PLUG] sudo flaw
Next by thread: Re: [PLUG] sudo flaw
Index(es):
- Date
- Thread