Critical security hole in Ubuntu Linux

As posted at Launchpad, Ubuntu Linux 5.10 has a security hole that might allow local users to gain root privileges using sudo. The password for the first user created during installation (who has sudo privileges by default) is stored in a plain-text file.

To protect your machine from being hijacked by a local user, you have two possibilities:

  1. change your password
  2. type sudo rm /var/log/installer/cdebconf/questions.dat in a command shell to delete the log file

This problem is said to be fixed in Dapper (the next release of Ubuntu Linux), but there must be a solution to fix this hole on all Breezy installations, as this file will probably not be deleted on an upgrade to Dapper.
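
A check to run before and after applying either fix, as an added example (not part of the original post or of Ubuntu's own tooling): it reports whether the installer log still holds password answers, without printing them. It assumes the cdebconf file consists of Name:/Value: stanzas and that password questions are named passwd/...password...; neither detail is given on this page.

```shell
#!/bin/sh
# Added example: audit the installer log named in the post for leftover
# password answers. Assumptions (not from the page): the file is a list of
# "Name:"/"Value:" stanzas separated by blank lines, and password questions
# are named passwd/<something>password<something>.

QUESTIONS_DAT=${QUESTIONS_DAT:-/var/log/installer/cdebconf/questions.dat}

# Print the names of password questions that still carry a non-empty value.
# The value itself is never printed.
leaked_questions() {
    awk '
        /^Name:/  { name = $2 }
        /^Value:/ { if (name ~ /^passwd\/.*password/ && NF > 1) print name }
        /^$/      { name = "" }
    ' "$1"
}

# Succeed if the group or other permission bits grant read access.
readable_by_others() {
    perms=$(ls -ld -- "$1" | cut -c5-10)
    case $perms in *r*) return 0 ;; *) return 1 ;; esac
}

# Return 0 if nothing was found, 1 if password answers are present.
audit_installer_log() {
    file=${1:-$QUESTIONS_DAT}
    [ -f "$file" ] || { echo "OK: $file not present"; return 0; }
    hits=$(leaked_questions "$file")
    [ -n "$hits" ] || { echo "OK: no password answers in $file"; return 0; }
    echo "FOUND password answers in $file:"
    echo "$hits" | sed 's/^/  /'
    if readable_by_others "$file"; then
        echo "  file is readable by other local users"
    fi
    echo "  fix: change the password, then: sudo rm $file"
    return 1
}
```

Source the file and call audit_installer_log with no argument to check the default path, or pass another path to check a copy.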