Thursday, April 23, 2015

USN-2576-2: usb-creator vulnerability

Ubuntu Security Notice USN-2576-2

23rd April, 2015

usb-creator vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu (vivid)

Summary

usb-creator could be tricked into running programs as an administrator.

Software description

  • usb-creator - create a startup disk using a CD or disc image

Details

USN-2576-1 fixed a vulnerability in usb-creator. This update provides the
corresponding fix for Ubuntu 15.04.

Original advisory details:

Tavis Ormandy discovered that usb-creator was missing an authentication
check. A local attacker could use this issue to gain elevated privileges.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu (vivid):
usb-creator-common 0.2.67ubuntu0.1

To update your system, please follow these instructions: http://ift.tt/17VXqjU.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

LP: 1447396



from Ubuntu Security Notices http://ift.tt/1DT0JXq
Posted by at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)