• United States
by Shelley Solheim

Ubuntu releases bug fix

Mar 13, 20061 min

The Ubuntu Project has released a fix for a bug in version 5.10 of its Linux operating system that could expose sensitive information.

The installer in Ubuntu 5.10 fails to clean user passwords in the installer log files, leaving the passwords exposed to anyone who opens them. A malicious local user could exploit the flaw to gain access to the first user account, which has full sudo privileges. Sudo is a tool that allows administrators to give users elevated privileges.

Ubuntu has released updated packages that fix the problem by removing the passwords and making the log files readable only by root. More information about the updates is available on Ubuntu’s Web site at

The vulnerability, which was first reported in Ubuntu’s forums, was deemed “less critical” by security firm Secunia (

The Debian-based Ubuntu distribution of Linux was launched in 2004 by South African dot-com billionaire Mark Shuttleworth.