With the news of the vulnerability found in sudo versions prior to 1.8.28, I am trying to upgrade to that version, but have had no luck. I did sudo apt-get update and sudo apt-get upgrade and sudo continues to be at the same version. Even tried sudo apt-get upgrade sudo and it says it's at the latest, which cannot be entirely true since 1.8.28 was released earlier today.
How does one typically go about updating packages using apt-get to latest versions?
It is known as CVE-2019-14287 and already fixed as backport.
All you need - is to run:
sudo apt update
sudo apt upgrade
(but is more likely that unattended-upgrades was already installed all updates)
See USN https://usn.ubuntu.com/4154-1/ :
and was indicated in changelog of sudo 1.8.21p2-3ubuntu1.1 for 18.04 LTS.
For me it was enough to run:
sudo apt updateapt-cache policy sudo and check versions (Installed: 1.8.16-0ubuntu1.5, Candidate: 1.8.16-0ubuntu1.8 = this version fixed problem)sudo apt-get install sudoAnd the package was updated and check that bug: sudo -u#-1 whoami no more works
