Date: Mon, 15 May 2017 23:31:35 +0800 From: Yao Wei <mwei@...e.org> To: oss-security@...ts.openwall.com Subject: CVE-2017-8933 libmenu-cache: socket may be blocked by another user The socket placed in /tmp is predictable and public-writable. Therefore if one user placed a symlink to another socket instead of socket for another use then said another user will either be unable to get menu, or will receive menu of some other user. This bug has been assigned to CVE-2017-8933 . A fix has been committed to menu-cache's git repository . LXDE developers are working on a release which fixes the problem. : https://git.lxde.org/gitweb/?p=lxde/menu-cache.git;a=commitdiff;h=56f66684592abf257c4004e6e1fff041c64a12ce [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ