USN-2741-1: Unity Settings Daemon vulnerability

Ubuntu Security Notice USN-2741-1

16th September, 2015

unity-settings-daemon vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 15.04
  • Ubuntu 14.04 LTS

Summary

Unity Settings Daemon would allow mounting removable media while the screen is locked.

Software description

  • unity-settings-daemon - daemon handling the Unity session settings

Details

It was discovered that the Unity Settings Daemon incorrectly allowed
removable media to be mounted when the screen is locked. If a vulnerability
were discovered in some other desktop component, such as an image library,
a local attacker could possibly use this issue to gain access to the
session.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 15.04:
unity-settings-daemon 15.04.1+15.04.20150408-0ubuntu1.2
Ubuntu 14.04 LTS:
unity-settings-daemon 14.04.0+14.04.20150825-0ubuntu2

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to restart your session to make
all the necessary changes.

References

CVE-2015-1319