All the other supported OSes have been affected as well

Apr 23, 2015 18:01 GMT  ·  By

Canonical has just published details regarding the first vulnerability identified and fixed for a package present in Ubuntu 15.04 (Vivid Vervet).

Ubuntu 15.04 (Vivid Vervet) was released today and developers have already pushed the first update for one of the packages, the USB creator. It's also called the Startup Disk Creator, and a developer found out that it could have been tricked into running programs as an administrator.

"Tavis Ormandy discovered that usb-creator was missing an authentication check. A local attacker could use this issue to gain elevated privileges," is noted in the official security notification. As usual, it's important to update the system as soon as possible. The problem also affected Ubuntu 14.10, Ubuntu 14.04 LTS, and Ubuntu 12.04 LTS.

For a more detailed description of the problems, you can see Canonical's security notification. The problem can be corrected if you upgrade your system(s) to the latest usb-creator-common package. To apply the patch, you can simply run the Update Manager application, but you can also use the terminal.

Open a terminal and enter the following commands (you will need to be root and you will need Internet access):

code
sudo apt-get update
sudo apt-get dist-upgrade
A standard system update will make all the necessary changes, and there is no need to reboot the system.