Ubuntu urgent PAM vulnerability

The latest versions of Ubuntu have an urgent security issue that must be patched immediately.

Other Linux distributions are not affected.

The problem is that Ubuntu developers gave pam_motd excessive access rights so that it could access the file motd.legal-notice in a user's local cache directory. This file exists only to create the user's file stamp, but the module was given root-level rights. Big oops.

A local attacker only needs to create a symlink from a user cache to the password file to gain root access.

Patches can be found here.
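
A defensive check for the condition described above, added here as an example (it is not from the original post or from Ubuntu's patch): it flags home directories where the stamp path passes through a symbolic link. The function names are hypothetical, and the layout `.cache/motd.legal-notice` under each home directory is an assumption based on the description above.

```shell
#!/bin/sh
# Added example: audit home directories for symbolic links on the path
# pam_motd uses for its stamp file. The path layout is an assumption.

# audit_home HOME_DIR
# Prints one "SYMLINK path -> target" line per suspicious component.
# Returns 0 if the path is clean, 1 if a symlink was found.
audit_home() {
    home=$1
    found=0
    for p in "$home/.cache" "$home/.cache/motd.legal-notice"; do
        # -L tests the link itself, so dangling links are caught too.
        if [ -L "$p" ]; then
            printf 'SYMLINK %s -> %s\n' "$p" "$(readlink "$p")"
            found=1
        fi
    done
    return "$found"
}

# audit_all BASE_DIR
# Runs audit_home on every directory directly under BASE_DIR (e.g. /home).
# Returns 0 if every home is clean, 1 otherwise.
audit_all() {
    rc=0
    for h in "$1"/*; do
        [ -d "$h" ] || continue
        audit_home "$h" || rc=1
    done
    return "$rc"
}

# Run only when a base directory is given, e.g.: sh audit.sh /home
if [ "$#" -gt 0 ]; then
    audit_all "$1"
fi
```

A finding is a reason to inspect the account, not proof of compromise: some users relocate `.cache` with a symlink for legitimate reasons.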
