Bug ID | 1038127 |
---|---|
Summary | VUL-1: CVE-2016-10369: lxterminal: insecure /tmp usage for a socket file (unixsocket.c) |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 42.2 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | security-team@suse.de |
Reporter | mikhail.kasimov@gmail.com |
QA Contact | qa-bugs@suse.de |
Found By | --- |
Blocker | --- |
Ref: https://nvd.nist.gov/vuln/detail/CVE-2016-10369

=====================================================

Description

unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

=====================================================

Hyperlink

[1] https://bugs.debian.org/862098
[2] https://unix.stackexchange.com/questions/333539/lxterminal-in-the-netstat-output/333578
[3] https://security-tracker.debian.org/tracker/CVE-2016-10369
[4] https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648 (Fix)

(open-)SUSE: https://software.opensuse.org/package/lxterminal

0.3.0 (TW, official repo)
0.2.0 (42.{1,2}, official repo)