Update sudo!

So, now news, sudo had a very astonishing bug: you can gain access as superuser specifying a negative user ID.
Now, first of all, no flame and no panic: this works only if you are allowed to run ALL commands.
A little more panic: many (Linux) distributions do configure the main user with an ALL** command alias, and therefore are vulnerable. <br/> **Versions before 1.8.28` are affected, and therefore upgrades are required.**
I decided to have a look at my systems, to see how to upgrade.


My Kubuntu machines were running 1.8.23 (gosh!). Since I’m on Kubuntu 18.10 (not LTS!), it seems I cannot update it without upgrading my systems, and the page references that my distro is not affected while it is (obviously).


My FreeBSD machines were running 1.8.27, truly the most updated version around all my systems. Issuing a pkg upgrade proposed me sudo as an upgrade, so I got the new shiny version running.


My Fedora 30 machine gets updated easily with the new version of sudo.


My CentOS 7.5 is running 1.8.23 and there’s no automatic upgrade.


Again, I’m not much impressed by the Ubuntu way of handling updates. And I’m positively impressed by how FreeBSD handles them precisely. I don’t have enough experience to judge Fedora nor CentOS, but let’s say the former sounds to me a little better in this particular case.

So what I have to do after all? Upgrade as much binaries as possible, or compile a new `sudo** version by my own! At least I got my system patched!

The article Update sudo! has been posted by Luca Ferrari on October 18, 2019