With the news of the vulnerability found in sudo versions prior to 1.8.28, I am trying to upgrade to that version, but have had no luck. I did sudo apt-get update and sudo apt-get upgrade and sudo continues to be at the same version. Even tried sudo apt-get upgrade sudo and it says it's at the latest, which cannot be entirely true since 1.8.28 was released earlier today.
How does one typically go about updating packages using apt-get to latest versions?
2 Answers
It is known as CVE-2019-14287 and already fixed as backport.
All you need - is to run:
sudo apt update
sudo apt upgrade(but is more likely that unattended-upgrades was already installed all updates)
See USN :
and was indicated in changelog of sudo 1.8.21p2-3ubuntu1.1 for 18.04 LTS.
3For me it was enough to run:
sudo apt updateapt-cache policy sudoand check versions (Installed: 1.8.16-0ubuntu1.5, Candidate: 1.8.16-0ubuntu1.8 = this version fixed problem)sudo apt-get install sudo
And the package was updated and check that bug: sudo -u#-1 whoami no more works
