USN-2402-1: KDE workspace vulnerability
11 November 2014
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 LTS
KDE workspace could be made to crash or run programs as an administrator.
- kde-workspace - KDE Plasma Workspace components
David Edmundson discovered that the KDE Clock KCM policykit helper did not properly guard against untrusted input. Under certain circumstances, a process running under the user’s session could exploit this to run programs as the administrator.
The problem can be corrected by updating your system to the following package versions:
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.