How to check if you are impacted

To get the version of the sudo package installed, run the following command:

dpkg -l 'sudo*' | grep ^ii

The following table lists the fixed versions of the sudo package in all supported Ubuntu releases:

Release                       Package     Fixed version
Questing Quokka (25.10)       sudo        1.9.17p2-1ubuntu1.1
                              sudo-ldap   1.9.17p2-1ubuntu1.1
                              sudo-rs     Not affected
Noble Numbat (24.04 LTS)      sudo        1.9.15p5-3ubuntu5.24.04.2
                              sudo-ldap   1.9.15p5-3ubuntu5.24.04.2
Jammy Jellyfish (22.04 LTS)   sudo        1.9.9-1ubuntu2.6
                              sudo-ldap   1.9.9-1ubuntu2.6
Focal Fossa (20.04 LTS)       sudo        Not affected
                              sudo-ldap   Not affected
Bionic Beaver (18.04 LTS)     sudo        Not affected
                              sudo-ldap   Not affected
Xenial Xerus (16.04 LTS)      sudo        Not affected
                              sudo-ldap   Not affected
Trusty Tahr (14.04 LTS)       sudo        Not affected
                              sudo-ldap   Not affected

Affected sudo versions
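
The check above can be scripted. The following is an added example, not part of the original advisory: it compares each installed sudo package with the fixed version listed for the release in the table. The function names and the status labels (patched, needs-update, not-affected, unknown) are assumptions of this example.

```shell
#!/bin/sh
# Added example: compare installed sudo packages with the advisory's fixed versions.

# Print the fixed version for a release codename and package, or "not-affected".
# Returns 1 for a release/package pair the advisory table does not list.
fixed_version() {
    case "$1:$2" in
        questing:sudo|questing:sudo-ldap) echo "1.9.17p2-1ubuntu1.1" ;;
        questing:sudo-rs)                 echo "not-affected" ;;
        noble:sudo|noble:sudo-ldap)       echo "1.9.15p5-3ubuntu5.24.04.2" ;;
        jammy:sudo|jammy:sudo-ldap)       echo "1.9.9-1ubuntu2.6" ;;
        focal:sudo|focal:sudo-ldap|bionic:sudo|bionic:sudo-ldap)   echo "not-affected" ;;
        xenial:sudo|xenial:sudo-ldap|trusty:sudo|trusty:sudo-ldap) echo "not-affected" ;;
        *) return 1 ;;
    esac
}

# Classify one installed version. Args: codename, package, installed version.
# Uses dpkg's own version ordering; if dpkg is missing the result fails
# closed to "needs-update".
sudo_status() {
    fixed=$(fixed_version "$1" "$2") || { echo "unknown"; return 0; }
    if [ "$fixed" = "not-affected" ]; then
        echo "not-affected"
    elif dpkg --compare-versions "$3" ge "$fixed"; then
        echo "patched"
    else
        echo "needs-update"
    fi
}

# Report on every sudo variant that is fully installed ("ii") on this host.
main() {
    command -v dpkg-query >/dev/null 2>&1 || { echo "dpkg-query not found"; return 0; }
    codename=$([ -r /etc/os-release ] && . /etc/os-release && echo "${VERSION_CODENAME:-}")
    for pkg in sudo sudo-ldap sudo-rs; do
        info=$(dpkg-query -W -f='${db:Status-Abbrev}${Version}' "$pkg" 2>/dev/null) || continue
        case "$info" in
            ii*) ver=${info#ii }
                 echo "$pkg $ver ($codename): $(sudo_status "$codename" "$pkg" "$ver")" ;;
        esac
    done
}

main
```

A result of "unknown" means the release codename is not in the table above, so the advisory does not say whether that release is affected.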

How to address

We recommend you upgrade all packages:

sudo apt update && sudo apt upgrade

If this is not possible, the sudo userspace mitigations can be installed directly and do not require a reboot to apply:

sudo apt update
sudo apt install sudo

The unattended-upgrades feature is enabled by default for Ubuntu Xenial Xerus (16.04 LTS) onwards. This service:

  • Applies new security updates every 24 hours automatically.
  • If you have this enabled, the patches above will be automatically applied within 24 hours of being available.