==========================================================================
Ubuntu Security Notice USN-3607-1
March 26, 2018

screen-resolution-extra vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Screen Resolution Extra could be tricked into bypassing PolicyKit
authorizations.

Software Description:
– screen-resolution-extra: Extension for the GNOME screen resolution applet

Details:

It was discovered that Screen Resolution Extra was using PolicyKit in an
unsafe manner. A local attacker could potentially exploit this issue to
bypass intended PolicyKit authorizations.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
screen-resolution-extra 0.17.1.1

Ubuntu 16.04 LTS:
screen-resolution-extra 0.17.1.1~16.04.1

Ubuntu 14.04 LTS:
screen-resolution-extra 0.17.1.1~14.04.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3607-1
CVE-2018-8885

Package Information:
https://launchpad.net/ubuntu/+source/screen-resolution-extra/0.17.1.1
https://launchpad.net/ubuntu/+source/screen-resolution-extra/0.17.1.1~16.04.1
https://launchpad.net/ubuntu/+source/screen-resolution-extra/0.17.1.1~14.04.1

—–BEGIN PGP SIGNATURE—–

iQEcBAEBCAAGBQJauWwNAAoJEGEfvezVlG4P2DAH/RR85kdJTbZTz4rqo5toAL+j
23tSWS7J+qGFkApEJNk7Ec8r5bGs9ioyjPf5V47RPDaATdmZa1auAyCDWM4Jg75H
WRDoKcPjSaaCodefihXVLtd4Y2I89YC94Z/HLbBsn19niSP6NmmWk7g2Te1jWk2P
0YDSxR+qMCigR86h1wcG7rP1T+pRHlYDKk/mJedIOZfp15nGpgzXvVNfMAdogI9U
70WWOqs9JbmkLg8YZriv4FqyxoJTaRsQd07tyH4h02+XWvMV50TcG526rp5IO9r2
RaUjuLfKRlyXjjmKAh2uf30oLE1zOwlcoZT+pYqzvaPdVjjuSMs6ZUSMrHdu5iw=
=tui1
—–END PGP SIGNATURE—–
—