USN-3246-1: Eject vulnerability
27 March 2017
Eject could be made to run programs as an administrator.
- eject - ejects CDs and operates CD-Changers under Linux
Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuid
and setgid return values. A local attacker could use this issue to execute code
as an administrator.
The problem can be corrected by updating your system to the following package versions:
In general, a standard system update will make all the necessary changes.