Message-Id: <326CB1CB-DD02-4B07-9420-01E8685C1A28@lxde.org>
Date: Tue, 9 May 2017 08:18:49 +0800
From: Medical Wei <mwei@...e.org>
To: oss-security@...ts.openwall.com
Subject: lxterminal: insecurely uses /tmp for a socket file

A vulnerability has been found that unixsocket.c in lxterminal insecurely uses
/tmp for a socket file, allowing a local user to cause a denial of service
(preventing terminal launch) or possibly have other impact.

This bug has been assigned CVE-2016-10369 [1], and has been publicly
discussed on the Stack Exchange website [2].

A bug fix has been committed to lxterminal's git repository [3], and LXDE
developers are working on a release.

[1]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10369
[2]: https://unix.stackexchange.com/questions/333539/lxterminal-in-the-netstat-output/333578
[3]: https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648
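
The following is an added example, not part of the original message and not lxterminal's actual fix: a sketch of how a program can refuse to place its control socket in a directory other local users can write to, which is the condition behind the denial of service described above. The function names, socket names and the `/tmp/sockdemo-XXXXXX` template are hypothetical and constructed for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Return 0 only if dir is a real directory (not a symlink), owned by the
 * calling user, and closed to group and others; -1 otherwise. */
int socket_dir_is_private(const char *dir)
{
    struct stat st;
    if (lstat(dir, &st) != 0 || !S_ISDIR(st.st_mode)) return -1;
    if (st.st_uid != geteuid() || (st.st_mode & (S_IRWXG | S_IRWXO))) return -1;
    return 0;
}

/* Bind a listening AF_UNIX socket at dir/name; returns the fd, or -1. */
int bind_private_socket(const char *dir, const char *name)
{
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    if (socket_dir_is_private(dir) != 0) return -1;   /* shared dir: refuse */
    int n = snprintf(addr.sun_path, sizeof addr.sun_path, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= sizeof addr.sun_path) return -1;
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) != 0 || listen(fd, 5) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: a fresh 0700 dir is accepted, then rejected once 01777. */
int demo(void)
{
    char dir[] = "/tmp/sockdemo-XXXXXX";   /* constructed sample location */
    char path[64];
    if (!mkdtemp(dir)) return -1;          /* mkdtemp creates the dir with mode 0700 */
    int fd = bind_private_socket(dir, "demo.sock");
    chmod(dir, 01777);                     /* same permissions as a shared /tmp */
    int rejected = bind_private_socket(dir, "other.sock");
    snprintf(path, sizeof path, "%s/demo.sock", dir);
    if (fd >= 0) close(fd);
    unlink(path);
    rmdir(dir);
    return (fd >= 0 && rejected == -1) ? 0 : 1;
}

int main(void) { return demo(); }
```

In a real program the directory passed in would normally be a per-user runtime directory such as the one named by `XDG_RUNTIME_DIR`, rather than a path under `/tmp`.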