Publication date
10 November 2025
Overview
Several security issues were fixed in sudo-rs.
Releases
Packages
- rust-sudo-rs - Rust-based sudo and su implementations
Details
It was discovered that sudo-rs incorrectly handled passwords when timeouts occurred and the pwfeedback default was not set. This could result in a partially typed password being output to standard input, contrary to expectations.
It was discovered that sudo-rs incorrectly handled the targetpw and rootpw default settings when creating timestamp files. A local attacker could possibly use this issue to bypass authentication i…
Publication date
10 November 2025
Overview
Several security issues were fixed in sudo-rs.
Releases
Packages
- rust-sudo-rs - Rust-based sudo and su implementations
Details
It was discovered that sudo-rs incorrectly handled passwords when timeouts occurred and the pwfeedback default was not set. This could result in a partially typed password being output to standard input, contrary to expectations.
It was discovered that sudo-rs incorrectly handled the targetpw and rootpw default settings when creating timestamp files. A local attacker could possibly use this issue to bypass authentication in certain configurations.
It was discovered that sudo-rs incorrectly handled passwords when timeouts occurred and the pwfeedback default was not set. This could result in a partially typed password being output to standard input, contrary to expectations.
It was discovered that sudo-rs incorrectly handled the targetpw and rootpw default settings when creating timestamp files. A local attacker could possibly use this issue to bypass authentication in certain configurations.
The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | 25.10 questing |
|---|---|---|
| sudo-rs – 0.2.8-1ubuntu5.2 |
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.