POA Forum

Security vulnerability in `sudo` package

Dear bridge validators,

A security vulnerability in the sudo package was discovered. To address this vulnerability, please update the package to the latest version.


The following instructions assume you’re running a default setup (Ubuntu 16.04):

  1. Log in to your node.
  2. Update information about packages:

     ```
     sudo apt update
     ```

  3. Check the currently installed version of the package:

     ```
     sudo apt-cache policy sudo
     ```

     Example output:

     ```
     sudo:
       Installed: 1.8.16-0ubuntu1.7
       Candidate: 1.8.16-0ubuntu1.8
       Version table:
          1.8.16-0ubuntu1.8 500
             500 http://us-east-1.ec2.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
             500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
      *** 1.8.16-0ubuntu1.7 100
             100 /var/lib/dpkg/status
          1.8.16-0ubuntu1 500
             500 http://us-east-1.ec2.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
     ```

     Note the Installed version number; if it’s below 1.8.16-0ubuntu1.8, you need to update.

  4. To do the update, run:

     ```
     sudo apt-get --only-upgrade install sudo
     ```

  5. Check the Installed version number again:

     ```
     sudo apt-cache policy sudo
     ```

     It should be 1.8.16-0ubuntu1.8 or higher.

1 Like
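The version check from the post above can be scripted rather than compared by eye. This is an added example, not part of the original post: the function names and the `sort -V` fallback are assumptions made here, and the sample input is trimmed from the post's example output.

```shell
#!/bin/sh
# Added example: decide from `apt-cache policy sudo` output whether a node
# still needs the sudo update described in the post.

FIXED="1.8.16-0ubuntu1.8"   # minimum acceptable version on Ubuntu 16.04, per the post

# Print the value of the "Installed:" line read from stdin.
installed_version() {
    awk '$1 == "Installed:" { print $2; exit }'
}

# Succeed when version $1 sorts strictly before version $2.
version_lt() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" lt "$2"      # Debian's own ordering
    else
        # Assumption: off Debian/Ubuntu, GNU `sort -V` is a close-enough stand-in.
        [ "$1" != "$2" ] &&
            [ "$(printf '%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# Read policy output on stdin; return 0 = patched, 1 = update needed, 2 = unknown.
check_policy() {
    inst="$(installed_version)"
    if [ -z "$inst" ] || [ "$inst" = "(none)" ]; then
        echo "UNKNOWN: no installed sudo version found in input"
        return 2
    fi
    if version_lt "$inst" "$FIXED"; then
        echo "UPDATE NEEDED: installed $inst is older than $FIXED"
        return 1
    fi
    echo "OK: installed $inst is $FIXED or newer"
    return 0
}

# Constructed sample, trimmed from the example output in the post.
SAMPLE_POLICY='sudo:
  Installed: 1.8.16-0ubuntu1.7
  Candidate: 1.8.16-0ubuntu1.8'

# Demo on the sample; on a real node run: apt-cache policy sudo | check_policy
printf '%s\n' "$SAMPLE_POLICY" | check_policy || true
```

The distinct exit codes let the same function be used in a loop over several nodes, with 2 flagging hosts whose output could not be interpreted.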

Hello Pavel, thanks for the heads up. Checked both Core and Sokol nodes. Both have sudo 1.8.16-0ubuntu1.8.

3 Likes

Verified Sokol and Core - 1.8.16-0ubuntu1.8