Date: Tue, 9 May 2017 08:18:49 +0800
From: Medical Wei <mwei@...e.org>
To: oss-security@...ts.openwall.com
Subject: lxterminal: insecurely uses /tmp for a socket file

A vulnerability has been found in lxterminal: unixsocket.c insecurely uses
/tmp for a socket file, allowing a local user to cause a denial of service
(preventing terminal launch) or possibly have other impact.

This bug has been assigned CVE-2016-10369 [1], and has been publicly
discussed on the Stack Exchange website [2].

A bug fix has been committed to lxterminal's git repository [3], and LXDE
developers are working on a release.

[1]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10369
[2]: https://unix.stackexchange.com/questions/333539/lxterminal-in-the-netstat-output/333578
[3]: https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648

