USN-2186-1: Date and Time Indicator vulnerability

Ubuntu Security Notice USN-2186-1

30th April, 2014

indicator-datetime vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 13.10

Summary

The Date and Time Indicator would allow unintended access.

Software description

  • indicator-datetime - Simple clock

Details

It was discovered that the Date and Time Indicator incorrectly allowed
Evolution to be opened at the greeter screen. An attacker could use this
issue to possibly gain unexpected access to applications such as a web
browser with privileges of the greeter user.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 13.10:
indicator-datetime 13.10.0+13.10.20131023.2-0ubuntu1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2013-7374