Ubuntu Security Notice USN-2576-1
23rd April, 2015
usb-creator vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary
usb-creator could be tricked into running programs as an administrator.
Software description
- usb-creator
– create a startup disk using a CD or disc image
Details
Tavis Ormandy discovered that usb-creator was missing an authentication
check. A local attacker could use this issue to gain elevated privileges.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 14.10:
-
usb-creator-common
0.2.62ubuntu0.3
- Ubuntu 14.04 LTS:
-
usb-creator-common
0.2.56.3ubuntu0.1
- Ubuntu 12.04 LTS:
-
usb-creator-common
0.2.38.3ubuntu0.1
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
After a standard system update you need to reboot your computer to make
all the necessary changes.