Date: Tue, 9 May 2017 08:18:49 +0800
From: Medical Wei <mwei@...e.org>
To: oss-security@...ts.openwall.com
Subject: lxterminal: insecurely uses /tmp for a socket file

A vulnerability has been found that unixsocket.c in lxterminal insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch) or possibly have other impact.

This bug has been assigned to CVE-2016-10369 [1], and has been publicly discussed in Stackexchange website [2]. A bug fix has been committed to the lxterminal's git repository [3], and LXDE developers are working on a release.

[1]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10369
[2]: https://unix.stackexchange.com/questions/333539/lxterminal-in-the-netstat-output/333578
[3]: https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648