| Bug ID | 1038127 |
|---|---|
| Summary | VUL-1: CVE-2016-10369: lxterminal: insecure /tmp usage for a socket file (unixsocket.c) |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 42.2 |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | security-team@suse.de |
| Reporter | mikhail.kasimov@gmail.com |
| QA Contact | qa-bugs@suse.de |
| Found By | --- |
| Blocker | --- |
Ref: https://nvd.nist.gov/vuln/detail/CVE-2016-10369 ===================================================== Description unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control). ===================================================== Hyperlink [1] https://bugs.debian.org/862098 [2] https://unix.stackexchange.com/questions/333539/lxterminal-in-the-netstat-output/333578 [3] https://security-tracker.debian.org/tracker/CVE-2016-10369 [4] https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648 (Fix) (open-)SUSE: https://software.opensuse.org/package/lxterminal 0.3.0 (TW, official repo) 0.2.0 (42.{1,2}, official repo)