Wednesday, April 30, 2014

USN-2186-1: Date and Time Indicator vulnerability

Ubuntu Security Notice USN-2186-1


30th April, 2014


indicator-datetime vulnerability


A security issue affects these releases of Ubuntu and its derivatives:



  • Ubuntu 13.10


Summary


The Date and Time Indicator would allow unintended access.


Software description



  • indicator-datetime - Simple clock


Details


It was discovered that the Date and Time Indicator incorrectly allowed

Evolution to be opened at the greeter screen. An attacker could use this

issue to possibly gain unexpected access to applications such as a web

browser with privileges of the greeter user.


Update instructions


The problem can be corrected by updating your system to the following package version:



Ubuntu 13.10:

indicator-datetime 13.10.0+13.10.20131023.2-0ubuntu1.1


To update your system, please follow these instructions: http://bit.ly/1aJDvTw.


After a standard system update you need to reboot your computer to make

all the necessary changes.


References


CVE-2013-7374






via Ubuntu Security Notices http://bit.ly/1n1EfKU
Posted by at
Labels: ,

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)