USN-2741-1: Unity Settings Daemon vulnerability

16 September 2015

unity-settings-daemon vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.04 LTS

Summary

Unity Settings Daemon would allow mounting removable media while the screen is locked.

Software Description

  • unity-settings-daemon - daemon handling the Unity session settings

Details

It was discovered that the Unity Settings Daemon incorrectly allowed removable media to be mounted when the screen is locked. If a vulnerability were discovered in some other desktop component, such as an image library, a local attacker could possibly use this issue to gain access to the session.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04
unity-settings-daemon - 15.04.1+15.04.20150408-0ubuntu1.2
Ubuntu 14.04 LTS
unity-settings-daemon - 14.04.0+14.04.20150825-0ubuntu2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make all the necessary changes.

References