[USN-2741-1] Unity Settings Daemon vulnerability
Marc Deslauriers
marc.deslauriers at canonical.com
Wed Sep 16 17:52:17 UTC 2015
==========================================================================
Ubuntu Security Notice USN-2741-1
September 16, 2015
unity-settings-daemon vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.04 LTS
Summary:
Unity Settings Daemon would allow mounting removable media while the screen
is locked.
Software Description:
- unity-settings-daemon: daemon handling the Unity session settings
Details:
It was discovered that the Unity Settings Daemon incorrectly allowed
removable media to be mounted when the screen is locked. If a vulnerability
were discovered in some other desktop component, such as an image library,
a local attacker could possibly use this issue to gain access to the
session.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.04:
unity-settings-daemon 15.04.1+15.04.20150408-0ubuntu1.2
Ubuntu 14.04 LTS:
unity-settings-daemon 14.04.0+14.04.20150825-0ubuntu2
After a standard system update you need to restart your session to make
all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2741-1
CVE-2015-1319
Package Information:
https://launchpad.net/ubuntu/+source/unity-settings-daemon/15.04.1+15.04.20150408-0ubuntu1.2
https://launchpad.net/ubuntu/+source/unity-settings-daemon/14.04.0+14.04.20150825-0ubuntu2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20150916/7d22c7e5/attachment.sig>
More information about the ubuntu-security-announce
mailing list