diff -Nru usb-creator-0.2.38.3/bin/usb-creator-helper usb-creator-0.2.38.3ubuntu0.1/bin/usb-creator-helper
--- usb-creator-0.2.38.3/bin/usb-creator-helper 2013-12-16 23:41:32.000000000 +0000
+++ usb-creator-0.2.38.3ubuntu0.1/bin/usb-creator-helper 2015-04-23 03:45:51.000000000 +0000
@@ -90,9 +90,11 @@
 return True
 return False
- @dbus.service.method(USBCREATOR_IFACE, in_signature='sa{ss}', out_signature='')
- def KVMTest(self, device, env):
+ @dbus.service.method(USBCREATOR_IFACE, in_signature='sa{ss}', out_signature='',
+ sender_keyword='sender', connection_keyword='conn')
+ def KVMTest(self, device, env, sender=None, conn=None):
 '''Run KVM with the freshly created device as the first disk.'''
+ self.check_polkit(sender, conn, 'com.ubuntu.usbcreator.kvm')
 for key in ('DISPLAY', 'XAUTHORITY'):
 if key not in env:
 logging.debug('Missing %s' % key)
diff -Nru usb-creator-0.2.38.3/dbus/com.ubuntu.usbcreator.policy.in usb-creator-0.2.38.3ubuntu0.1/dbus/com.ubuntu.usbcreator.policy.in
--- usb-creator-0.2.38.3/dbus/com.ubuntu.usbcreator.policy.in 2013-12-16 23:41:32.000000000 +0000
+++ usb-creator-0.2.38.3ubuntu0.1/dbus/com.ubuntu.usbcreator.policy.in 2015-04-23 03:19:05.000000000 +0000
@@ -44,5 +44,14 @@
 auth_admin_keep
+
+ <_description>Run KVM
+ <_message>System policy prevents running KVM
+
+ no
+ no
+ auth_admin_keep
+
+
diff -Nru usb-creator-0.2.38.3/debian/changelog usb-creator-0.2.38.3ubuntu0.1/debian/changelog
--- usb-creator-0.2.38.3/debian/changelog 2013-12-17 00:08:33.000000000 +0000
+++ usb-creator-0.2.38.3ubuntu0.1/debian/changelog 2015-04-23 03:18:51.000000000 +0000
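Review bot: The caller-supplied `env` dictionary in KVMTest is still only checked for the presence of `DISPLAY` and `XAUTHORITY` in the lines visible here, even though the new `check_polkit` call now gates who may invoke the method. If the rest of the method, which continues outside this hunk, passes `env` unchanged to the process it starts, an authorized caller still chooses every environment variable of a program launched by the helper. Reducing the dictionary to the expected keys after the presence check would remove that, for example `env = {k: env[k] for k in ('DISPLAY', 'XAUTHORITY')}`. What `check_polkit` does on denial is not visible here; it presumably raises, and a one-line comment next to the call saying so would help.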
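Review bot: The new `com.ubuntu.usbcreator.kvm` action appears to use `auth_admin_keep` for the active-session case, which lets polkit retain the authorization for a period after one successful prompt. The element names were lost in this rendering, so this is read from the value order no / no / auth_admin_keep. For an action that lets a D-Bus caller start KVM through the helper, plain `auth_admin` would require authentication on every call. If the retention is intentional to match the existing actions in this file, a short XML comment in the policy saying so would help.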
@@ -1,3 +1,13 @@
+usb-creator (0.2.38.3ubuntu0.1) precise-security; urgency=medium
+
+ * SECURITY UPDATE: privilege escalation via missing polkit check
+ (LP: #1447396)
+ - bin/usb-creator-helper, dbus/com.ubuntu.usbcreator.policy.in: add
+ proper polkit integration for KVM use.
+ - CVE number pending
+
+ -- Marc Deslauriers Wed, 22 Apr 2015 23:18:51 -0400
+
 usb-creator (0.2.38.3) precise-proposed; urgency=low
 [ Chris Wulff ]
diff -Nru usb-creator-0.2.38.3/debian/control usb-creator-0.2.38.3ubuntu0.1/debian/control
--- usb-creator-0.2.38.3/debian/control 2013-12-16 23:41:32.000000000 +0000
+++ usb-creator-0.2.38.3ubuntu0.1/debian/control 2015-04-23 03:19:19.000000000 +0000
@@ -1,7 +1,8 @@
 Source: usb-creator
 Section: admin
 Priority: optional
-Maintainer: usb-creator Hackers Team
+Maintainer: Ubuntu Developers
+XSBC-Original-Maintainer: usb-creator Hackers Team
 Uploaders: Dmitrijs Ledkovs , Ignace Mouzannar
 Build-Depends: debhelper (>= 7.2.11~), dh-translations,