The Ubuntu Project has released a fix for a bug in version 5.10 of its Linux operating system that could expose sensitive information.
The installer in Ubuntu 5.10 fails to clean user passwords in the installer log files, leaving the passwords exposed to anyone who opens the log file. A malicious, local user could exploit the flaw to gain access to the first user account, which has full sudo privileges. Sudo is a tool that allows administrators to give users elevated privileges.
Ubuntu has released updated packages that fix the problem by removing the passwords and making the log files readable only by root. More information about the updates is available on Ubuntu's Web site: http://www.ubuntu.com/usn/usn-262-1.
The vulnerability, which was first reported on the Ubuntu forums, was deemed "less critical" by security firm Secunia: http://secunia.com/advisories/19200/.
The Debian-based Ubuntu distribution of Linux was launched in 2004 by South African dot-com billionaire Mark Shuttleworth.