Todd Miller · Sudo · CVE-2010-1646
**Name of the Vulnerable Software and Affected Versions**
sudo versions 1.3.1 through 1.6.9p22
sudo versions 1.7.0 through 1.7.2p6
**Description**
The issue is in sudo's secure path feature, which does not properly handle an environment that contains multiple PATH variables. This could allow local users to gain privileges via a crafted value of the last PATH variable. Multiple vulnerabilities in the sudo package may lead to loss of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited by a local attacker.
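The following C example is added here for illustration and is not sudo's source code or part of the original advisory. It contrasts an environment sanitizer that rewrites only the first PATH entry with one that leaves exactly one PATH entry and drops duplicate names. The function names, the `SECURE_PATH` value and the sample environment are assumptions constructed for the example.

```c
#include <stdio.h>
#include <string.h>
/* Assumed secure path value for this example. */
#define SECURE_PATH "PATH=/usr/sbin:/usr/bin:/sbin:/bin"

/* Length of NAME in a "NAME=value" entry; 0 if the entry is malformed. */
static size_t name_len(const char *entry) {
    const char *eq = strchr(entry, '=');
    return (eq && eq != entry) ? (size_t)(eq - entry) : 0;
}

/* Weak: rewrites only the first PATH entry, so a later duplicate survives. */
void sanitize_first_match(const char **env, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (strncmp(env[i], "PATH=", 5) == 0) { env[i] = SECURE_PATH; return; }
}

/* Hardened: out[0] is the secure PATH; malformed entries and entries whose
 * name is already kept (any PATH included) are dropped. out holds n + 1. */
size_t sanitize_all(const char *const *env, size_t n, const char **out) {
    size_t kept = 0;
    out[kept++] = SECURE_PATH;
    for (size_t i = 0; i < n; i++) {
        size_t len = name_len(env[i]);
        int skip = (len == 0);
        for (size_t j = 0; j < kept && !skip; j++)
            skip = name_len(out[j]) == len && strncmp(out[j], env[i], len) == 0;
        if (!skip) out[kept++] = env[i];
    }
    return kept;
}

/* Number of PATH entries whose value is not the secure one. */
size_t untrusted_path_entries(const char *const *env, size_t n) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        if (strncmp(env[i], "PATH=", 5) == 0 && strcmp(env[i], SECURE_PATH) != 0)
            count++;
    return count;
}

int main(void) {
    /* Constructed environment with two PATH entries. */
    const char *env[] = {"PATH=/usr/bin", "HOME=/home/u", "PATH=/tmp/constructed"};
    const char *out[4];
    size_t kept = sanitize_all(env, 3, out);
    sanitize_first_match(env, 3);
    printf("first-match: %zu untrusted PATH, hardened: %zu\n",
           untrusted_path_entries(env, 3), untrusted_path_entries(out, kept));
}
```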
**Recommendations**
For sudo versions 1.3.1 through 1.6.9p22, update to a version newer than 1.6.9p22 to resolve the issue.
For sudo versions 1.7.0 through 1.7.2p6, update to a version newer than 1.7.2p6 to resolve the issue.
As a temporary workaround, consider restricting access to the sudo functionality until a patch is available.