The Slackware Linux team has released updated `sudo` packages for Slackware 15.0 and the -current version to address critical security vulnerabilities. The updates include version 1.9.17p1, which resolves issues that could potentially allow local privilege escalation attacks through the use of the `-h` (host) and `-R` (chroot) options in `sudo`. Specifically, if the sudoers file permits a user to execute commands on a different host, it could lead to unauthorized command execution as root, even bypassing the sudoers file. The chroot support, which is linked to this vulnerability, is set to be deprecated and removed in future releases.
For those looking to download the updated packages, they are available via the Slackware FTP site and other mirror sites. The relevant links for the new packages for both 32-bit and 64-bit architectures are provided. Users are encouraged to verify the integrity of the packages using the MD5 signatures listed.
To install the updated package, users should run the command as root:
This update highlights the ongoing commitment of the Slackware team to maintain the security and stability of their distribution. Users are advised to keep their systems up to date to mitigate potential risks associated with outdated software. Additionally, the Slackware Linux Security Team remains available for further guidance and support regarding security practices.
For those interested in keeping abreast of future updates and security advisories, it’s recommended to regularly check the official Slackware website and subscribe to relevant mailing lists or forums associated with the Slackware community
For those looking to download the updated packages, they are available via the Slackware FTP site and other mirror sites. The relevant links for the new packages for both 32-bit and 64-bit architectures are provided. Users are encouraged to verify the integrity of the packages using the MD5 signatures listed.
To install the updated package, users should run the command as root:
upgradepkg sudo-1.9.17p1-i586-1_slack15.0.txz
This update highlights the ongoing commitment of the Slackware team to maintain the security and stability of their distribution. Users are advised to keep their systems up to date to mitigate potential risks associated with outdated software. Additionally, the Slackware Linux Security Team remains available for further guidance and support regarding security practices.
For those interested in keeping abreast of future updates and security advisories, it’s recommended to regularly check the official Slackware website and subscribe to relevant mailing lists or forums associated with the Slackware community
Sudo update for Slackware
New sudo packages have been released for Slackware Linux 15.0 to address security vulnerabilities:
sudo (SSA:2025-181-01)
