Linux users should immediately patch a serious vulnerability to the sudo command that, if exploited, can allow unprivileged users gain root privileges on the host machine.\nCalled Baron Samedit, the flaw has been \u201chiding in plain sight\u201d for about 10 years, and was discovered earlier this month by researchers at Qualys and reported to sudo developers, who came up with patches Jan. 19, according to a Qualys blog. (The blog includes a video of the flaw being exploited.)\n\nA new version of sudo\u2014sudo v1.9.5p2\u2014has been created to patch the problem, and notifications have been posted for many Linux distros including Debian, Fedora, Gentoo, Ubuntu, and SUSE, according to Qualys.\nAccording to the common vulnerabilities and exposures (CVE) description of Baron Samedit (CVE-2021-3156), the flaw can be exploited \u201cvia \u2018sudoedit -s\u2019 and a command-line argument that ends with a single backslash character.\u201d\nAccording\u00a0 to Qualys, the flaw was introduced in July 2011 and affects legacy versions from 1.8.2 to 1.8.31p2 as well as default configurations of versions from 1.9.0 to 1.9.5p1.\nThe purpose of sudo is for adminst to administer user system privileges.\n\n\n\n\n\nFor Ubuntu users, the patched sudo version appears to be related to the version of the OS you are running. The Ubuntu site shows this release-specific information for the flaw:\nUbuntu 21.04 (Hirsute Hippo) Released (1.9.4p2-2ubuntu2)Ubuntu 20.10 (Groovy Gorilla) Released (1.9.1-1ubuntu1.1)Ubuntu 20.04 LTS (Focal Fossa) Released (1.8.31-1ubuntu1.2)Ubuntu 18.04 LTS (Bionic Beaver) Released (1.8.21p2-3ubuntu1.4)Ubuntu 16.04 LTS (Xenial Xerus) Released (1.8.16-0ubuntu1.10)Ubuntu 14.04 ESM (Trusty Tahr) Released (1.8.9p5-1ubuntu1.5+esm6)\nUse the sudo -version command to view which release you are running. Checking sudo on a 20.04 system, for example, you might see this:\n$ sudo \u2014version\nSudo version 1.8.31\nSudoers policy plugin version 1.8.31\nSudoers file grammar version 46\nSudoers I\/O plugin version 1.8.31\n\nAnother way to determine if your systems are vulnerable is to run a command such as sudoedit -s \/. If the command returns a usage statement, your system is OK. If it returns an error starting with \u201csudoedit\u201d, you need the patch.