A privilege escalation vulnerability was discovered in sudo, a tool to allow users to run programs with the security privileges of another user.
pwfeedback was enabled in
/etc/sudoers, users could trigger a
stack-based buffer overflow in the privileged sudo process.
Note that whilst
pwfeedback is a default setting in some distributions (eg.
Linux Mint and elementary OS) it is not the upstream default and thus
should only exist if enabled by an administrator.
For Debian 7 Wheezy, these problems have been fixed in version 1.8.5p2-1+nmu3+deb7u6.
We recommend that you upgrade your sudo packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.