==========================================================================
Ubuntu Security Notice USN-2576-1
April 23, 2015
usb-creator vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 14.10
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
Summary:
usb-creator could be tricked into running programs as an administrator.
Software Description:
– usb-creator: create a startup disk using a CD or disc image
Details:
Tavis Ormandy discovered that usb-creator was missing an authentication
check. A local attacker could use this issue to gain elevated privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.10:
usb-creator-common 0.2.62ubuntu0.3
Ubuntu 14.04 LTS:
usb-creator-common 0.2.56.3ubuntu0.1
Ubuntu 12.04 LTS:
usb-creator-common 0.2.38.3ubuntu0.1
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2576-1
https://launchpad.net/bugs/1447396
Package Information:
https://launchpad.net/ubuntu/+source/usb-creator/0.2.62ubuntu0.3
https://launchpad.net/ubuntu/+source/usb-creator/0.2.56.3ubuntu0.1
https://launchpad.net/ubuntu/+source/usb-creator/0.2.38.3ubuntu0.1
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJVOPZEAAoJEGVp2FWnRL6TMvYP/jJTuym58o8zMTuf50gqkU7s
LM6EqxB8dbHeJGNT6MfDGjQIkNa1lmmH/SbzsgT0cnya3fCbeSAat/9dDbmx8lwH
2XIAfhXHhakDK7Vk6WoTLnlpbRjcYZY95VhXvYsvegwlQ1zC9fCGfFtgXRjMxgXX
556d+NUMJQrM9/a316PUpfANU99w7z+QylssKmqzJABh2XCPnCXZM0FWa++alHTP
O9X7iurv+n9t5GnNp4hHHT0vmj7K1x1LFZGzrhv8XA8pLBX0sGoe2O7xnA1a96Lp
3L2TUxNKIta1m/vmaV/dkWMCIdTgfCI7ntQJz2enkapV2n2WC6qIliSMHTrHpobz
IxBnE7kkd4QMbb4CFOeMsBDYBmsiG6xbiRhvWl2bTZ5xQiBzgy81X+rPyRfyR0Q2
fOadCqTrZOwJ/O74ZxQ20Zz8dHbpp9/ij/a6KOE+Zr/LgKngUz2Pd0n4vAGFTHxO
x+AGjkt1TYkchYau2A7EMVzJ1ERErjQkaSxboUx3yv3R3cZmAYbKxTF5Nj8q20Nq
+t2MB3+xBSHJJdr/i6Gq3iE/S2XSoePzrGXVYXQFt3fQThGe5BwSq81vslpY7a3f
VaOT9gXqLqzUkXAL4Ccu3YxSDEBW5TTIo9HGgitj9eIRSQqesZFdWQpJwqoC9Sxu
wWx9Jvq/sqS438IThHDT
=1xZS
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-2576-2
April 23, 2015
usb-creator vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
Summary:
usb-creator could be tricked into running programs as an administrator.
Software Description:
Details:
USN-2576-1 fixed a vulnerability in usb-creator. This update provides the
corresponding fix for Ubuntu 15.04.
Original advisory details:
Tavis Ormandy discovered that usb-creator was missing an authentication
check. A local attacker could use this issue to gain elevated privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2576-2
http://www.ubuntu.com/usn/usn-2576-1
https://launchpad.net/bugs/1447396
Package Information:
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJVOP2jAAoJEGVp2FWnRL6TxQoP/A5kzZIZzbuqNeFglkl0X/a5
zuYr760G35E571A580SPTHU6fhIQqX9gAnPQfHKCwF0kWUujsf043SXMAbWC4IYc
mAzNosHqMYunAX6p2iOuj/IUsNgWbYP8PmI8oXa3HcxyKU7ie/7WJcrqfu1Py52E
03C5hvV4wB+f7kdix8WtbHPPEfVfs8ohFGxSZnT40DrDTZkTjg/2iojivlqOoUTl
QrLABOmvCEqDp8n34/FjaXIH+MRsGWUbA54h7ThJWgDotklxHxrdAcz4+uQFgCCD
3sSYh2JEFmPDxrtPekpk+JE+9JEsHxJxBjrlymUD3HOnFJB3Ahez6eFkq7EpSbae
LES0PVHSQ3KMfY4hYuwYlQtruJAyVVc01ReCqWPJthc4Gl6vMRT+zajT6wtBJ5Pd
WGx9ycogCuikBhuubF3f+2T/lZqxuUN/j6QqsRJ3Fj52Tp+VMxUD43ukzeQhSj3m
Gq49sJzQEJVXutSvB4uucxLhD1YvArUwd+1fgnnDYj4voqbMU1k2Jq9z1mrY9i1L
2clK2mrO4zyGZg7z60VFTxxCbXIyyymrts0jnhm/JVSSAvXxoqXYkzXXolyMqDQo
4rpdjwbM0wOf4ujDVZiWgtONE81qvRvFHGteaNDQoiA+FUTrTGVDSlnnqbcB3APh
NfA5ZaXXWLESiYBcaJGy
=QxiF
—–END PGP SIGNATURE—–
—