Ubuntu security notices
USN-3246-1: Eject vulnerability
USN-3246-1: Eject vulnerability Ubuntu Security Notice USN-3246-1 27th March, 2017 eject vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 16.10 Ubuntu 16.04 LTS Ubuntu 14.04 LTS Ubuntu 12.04 LTS Summary Eject could be made to run programs as an administrator. Software description eject – ejects CDs and operates CD-Changers under Linux Details Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuidand setgid return values. A local attacker could use this issue to execute codeas an administrator. Update instructions The problem can be corrected by updating your system to the following package version: Ubuntu 16.10: eject 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1 Ubuntu 16.04 LTS: eject 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 Ubuntu 14.04 LTS: eject 2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 Ubuntu 12.04 LTS: eject 2.1.5+deb1+cvs20081104-9ubuntu0.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2017-6964 Source: [ more… ]