========================================================================== Ubuntu Security Notice USN-3246-1 March 27, 2017
eject vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: Eject could be made to run programs as an administrator. Software Description: - eject: ejects CDs and operates CD-Changers under Linux Details: Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuid and setgid return values. A local attacker could use this issue to execute code as an administrator. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.10: eject 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1 Ubuntu 16.04 LTS: eject 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 Ubuntu 14.04 LTS: eject 2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 Ubuntu 12.04 LTS: eject 2.1.5+deb1+cvs20081104-9ubuntu0.1 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-3246-1 CVE-2017-6964 Package Information: https://launchpad.net/ubuntu/+source/eject/2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1 https://launchpad.net/ubuntu/+source/eject/2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 https://launchpad.net/ubuntu/+source/eject/2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 https://launchpad.net/ubuntu/+source/eject/2.1.5+deb1+cvs20081104-9ubuntu0.1
signature.asc
Description: PGP signature
-- ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
