Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 9 May 2017 08:18:49 +0800
From: Medical Wei <>
Subject: lxterminal: insecurely uses /tmp for a socket file

A vulnerability has been found that unixsocket.c in lxterminal insecurely uses
/tmp for a socket file, allowing a local user to cause a denial of service
(preventing terminal launch) or possibly have other impact.

This bug has been assigned to CVE-2016-10369 [1], and has been publicly
discussed in Stackexchange website [2].

A bug fix has been committed to the lxterminal's git repository [3], and LXDE
developers are working on a release.


Download attachment "signature.asc" of type "application/pgp-signature" (802 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ