Date: Tue, 9 May 2017 08:18:49 +0800
From: Medical Wei <mwei@...e.org>
To: oss-security@...ts.openwall.com
Subject: lxterminal: insecurely uses /tmp for a socket file

A vulnerability has been found that unixsocket.c in lxterminal insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch) or possibly have other impact.

This bug has been assigned to CVE-2016-10369 [1], and has been publicly discussed on the Stack Exchange website [2]. A bug fix has been committed to lxterminal's git repository [3], and LXDE developers are working on a release.

[1]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10369
[2]: https://unix.stackexchange.com/questions/333539/lxterminal-in-the-netstat-output/333578
[3]: https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648