Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 9 May 2017 08:18:49 +0800
From: Medical Wei <>
Subject: lxterminal: insecurely uses /tmp for a socket file

A vulnerability has been found that unixsocket.c in lxterminal insecurely uses
/tmp for a socket file, allowing a local user to cause a denial of service
(preventing terminal launch) or possibly have other impact.

This bug has been assigned to CVE-2016-10369 [1], and has been publicly
discussed in Stackexchange website [2].

A bug fix has been committed to the lxterminal's git repository [3], and LXDE
developers are working on a release.


Download attachment "signature.asc" of type "application/pgp-signature" (802 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.