Canonical has launched a urgent security patch for SUDO package following the discovery of a major vulnerability.
A critical fix has been released to all current versions of Ubuntu; Ubuntu 16.04 LTS, 18.04 LTS, 19.04 and 19.10 (and Ubuntu 14.04 ESR), users can upgrade by running the code sudo apt upgrade.
But what is this major vulnerability about? If you have not been aware of the networks you should know that someone I publish the vulnerability on the official CVE site (Common Vulnerabilities and Exposures) on October 14 and the news spread quickly.
The exploit, described by TheHackerNews mentions a problem in the sudo package security policy that could allow a malicious user or program to execute commands with root permissions on a system even when sudo settings explicitly disable this access.
Although security vulnerabilities always seem far away, in particular it can happen on almost any machine running Linux, so it is very important to update as soon as possible.
It should be noted that the security patch is only created to fix this serious problem and does not bring any more changes, so all users are urged to update.
I have used the command sudo apt upgrade and no update appears. I recently updated the system with the same command. I don't know, maybe the security patch has already been installed. How can I see if that patch is installed?
For what it's worth, I use Xubuntu 18.04.3 LTS