Canonical Plugs Critical Usb-creator Exploit in Ubuntu 13.04

A couple of other Ubuntu supported systems have been affected by this problem

By on September 19th, 2013 12:47 GMT

On September 18, in a security notice, Canonical published details about a usb-creator vulnerability in its Ubuntu 13.04, Ubuntu 12.10, and Ubuntu 12.04 LTS, operating systems.

According to Canonical, SPICE could have been made to crash, if it received specially crafted network traffic.

It has been discovered that usb-creator has been using polkit in an unsafe manner. A local attacker could have possibly used this issue to bypass the intended polkit authorizations.

For a more detailed description of the security problems, you can see Canonical's security notification.

The security flaws can be fixed if you upgrade your system(s) to the latest usb-creator-common packages, specific to each distribution. To apply the update, run the Update Manager application.

In general, a standard system update will make all the necessary changes. A system restart will be necessary to implement the changes.

Comments