==========================================================================
Ubuntu Security Notice USN-2741-1
September 16, 2015
unity-settings-daemon vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 15.04
– Ubuntu 14.04 LTS
Summary:
Unity Settings Daemon would allow mounting removable media while the screen
is locked.
Software Description:
– unity-settings-daemon: daemon handling the Unity session settings
Details:
It was discovered that the Unity Settings Daemon incorrectly allowed
removable media to be mounted when the screen is locked. If a vulnerability
were discovered in some other desktop component, such as an image library,
a local attacker could possibly use this issue to gain access to the
session.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.04:
unity-settings-daemon 15.04.1+15.04.20150408-0ubuntu1.2
Ubuntu 14.04 LTS:
unity-settings-daemon 14.04.0+14.04.20150825-0ubuntu2
After a standard system update you need to restart your session to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2741-1
CVE-2015-1319
Package Information:
https://launchpad.net/ubuntu/+source/unity-settings-daemon/15.04.1+15.04.20150408-0ubuntu1.2
https://launchpad.net/ubuntu/+source/unity-settings-daemon/14.04.0+14.04.20150825-0ubuntu2
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAEBCgAGBQJV+axRAAoJEGVp2FWnRL6T4t8QAKIObcuZ/Qf6QVVMrZ2hYfqo
1R9CoRUN4BFGALyz1T8S183M7DDtq/HWxOX85Ec1LqkoRpQF4iHENY5zUgbffCWd
SBI4BdHcIdNskPXMDuoQBYtZXof7WR5k1wXL/2Wd4ukgxQnC/A56y/h8b+jVRZZE
+G8O/XCpg+U0CTGRkP7Fz/5HdiHo9n/LES+/Bis8kZpVzo76wba0ZlKzdbTSHd8T
SV1/UkKx9Or9BdX9DUpjm11NyztNnZsupNjo0L+15yrvoaHbH8875wZPU9cL3p34
evsXj8Or7HKVjE4COJnYT7ihNwBAv7K8a7TmPE+ptAEY93crzq6hLNkc7n8seQgX
uQXkghKu7DipFJmFJFvJpeoh4mm9YJYqDy0/PpXb7iot+Q7ywvMPapuqH8FC5eCU
qBA8JpEgmOR94ssW16heLSWj7bxJOATxsQNh3XJkXSJzUErT27WD3HZM/1rUrj6k
nnU4U3GSEpZxowMOlKtOO8daEmUQtaDhu4pXy32aZKIxyyuVy5q0QDjdszc3PqUx
Xz9OqaI2yeJX0DQzcoQgB2pjlQIjN11swPpQWLwyxrJ2cW/t3BX3gN8bZyHuro9u
91zt6kIje34g6qonGLRh5Gyyg8LXeMvLyiwV1ijguw0jL2M9ggleGWlhHCt/YJVM
i/T83A4hgPb9ReM2o6O1
=+O9N
—–END PGP SIGNATURE—–
—