========================================================================== Ubuntu Security Notice USN-7867-1 November 10, 2025
rust-sudo-rs vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 Summary: Several security issues were fixed in sudo-rs. Software Description: - rust-sudo-rs: Rust-based sudo and su implementations Details: It was discovered that sudo-rs incorrectly handled passwords when timeouts occurred and the pwfeedback default was not set. This could result in a partially typed password being output to standard input, contrary to expectations. It was discovered that sudo-rs incorrectly handled the targetpw and rootpw default settings when creating timestamp files. A local attacker could possibly use this issue to bypass authentication in certain configurations. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 sudo-rs 0.2.8-1ubuntu5.2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7867-1 https://launchpad.net/bugs/2130623 Package Information: https://launchpad.net/ubuntu/+source/rust-sudo-rs/0.2.8-1ubuntu5.2
signature.asc
Description: OpenPGP digital signature
