Welcome to CodeNameJessica

✨ Welcome to CodeNameJessica! ✨

💻 Where tech meets community.

Hello, Guest! 👋
You're just a few clicks away from joining an exclusive space for tech enthusiasts, problem-solvers, and lifelong learners like you.

🔐 Why Join?
By becoming a member of CodeNameJessica, you’ll get access to:
✅ In-depth discussions on Linux, Security, Server Administration, Programming, and more
✅ Exclusive resources, tools, and scripts for IT professionals
✅ A supportive community of like-minded individuals to share ideas, solve problems, and learn together
✅ Project showcases, guides, and tutorials from our members
✅ Personalized profiles and direct messaging to collaborate with other techies

🌐 Sign Up Now and Unlock Full Access!
As a guest, you're seeing just a glimpse of what we offer. Don't miss out on the complete experience! Create a free account today and start exploring everything CodeNameJessica has to offer.

Ubuntu's Rust Transition Hits Another Bump as sudo-rs Security Vulnerabilities Show Up

(0 reviews)

https://codenamejessica.com/blogs/entry/1223-ubuntus-rust-transition-hits-another-bump-as-sudo-rs-security-vulnerabilities-show-up/

Followers

by: Sourav Rudra
Wed, 12 Nov 2025 13:29:24 GMT

Ubuntu's Rust Transition Hits Another Bump as sudo-rs Security Vulnerabilities Show Up

Ubuntu's move to Rust-based system utilities has hit some bumps. Earlier, a bug in the Rust-based date command broke automatic updates. The command returned current time instead of file modification timestamps, causing Ubuntu 25.10 systems to stop automatically checking for software updates.

That issue was quickly fixed, but now, two security vulnerabilities have been found in sudo-rs.

Better Now than Later

The first vulnerability involves password exposure during timeouts. When users type a password but don't press enter, the timeout causes those keystrokes to replay onto the console. This could reveal partial passwords in shell history or on screen.

The second issue affects timestamp authentication. When Defaults targetpw or Defaults rootpw options are enabled, sudo-rs incorrectly recorded the wrong user ID in timestamps. This allowed bypassing authentication by reusing cached credentials even when policy required a different password.

Patches for both issues have been released in sudo-rs 0.2.10. Ubuntu is set to push the fixes through a Stable Release Update (SRU).

These bugs being caught in Ubuntu 25.10 is actually a good sign. The interim release serves as a testing ground before Ubuntu 26.04 LTS arrives in April 2026. Finding critical security flaws now allows developers ample time to address them.

Here's the Fix!

At the time of writing, the updated sudo-rs package had not yet arrived in the Ubuntu 25.10 repositories. But it should be available soon.

Once the update is live, you can get the fix using the graphical Software Updater tool by launching it from your application menu and installing any available security updates.

Alternatively, you can use the terminal. Run these commands one after the other to get the patch:

sudo-rs update

sudo-rs upgrade

PS: Using sudo instead of sudo-rs also works the same.

Via: Phoronix

Suggested Read 📖

0 Comments

Sign In

Welcome to CodeNameJessica

✨ Welcome to CodeNameJessica! ✨

Ubuntu's Rust Transition Hits Another Bump as sudo-rs Security Vulnerabilities Show Up

Better Now than Later

Here's the Fix!

0 Comments

Recommended Comments

Important Information

Account

Navigation

Search

Configure browser push notifications

Chrome (Android)

Chrome (Desktop)

Safari (iOS 16.4+)

Safari (macOS)

Edge (Android)

Edge (Desktop)

Firefox (Android)

Firefox (Desktop)