USN-7867-1: sudo-rs vulnerabilities
Publication date
10 November 2025
Overview
Several security issues were fixed in sudo-rs.
Releases
Packages
- rust-sudo-rs - Rust-based sudo and su implementations
Details
It was discovered that sudo-rs incorrectly handled passwords when timeouts
occurred and the pwfeedback default was not set. This could result in a
partially typed password being output to standard input, contrary to
expectations.
It was discovered that sudo-rs incorrectly handled the targetpw and rootpw
default settings when creating timestamp files. A local attacker could
possibly use this issue to bypass authentication in certain configurations.
It was discovered that sudo-rs incorrectly handled passwords when timeouts
occurred and the pwfeedback default was not set. This could result in a
partially typed password being output to standard input, contrary to
expectations.
It was discovered that sudo-rs incorrectly handled the targetpw and rootpw
default settings when creating timestamp files. A local attacker could
possibly use this issue to bypass authentication in certain configurations.
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 25.10 questing | sudo-rs – 0.2.8-1ubuntu5.2 | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.