[Bug 1038127] New: VUL-1: CVE-2016-10369: lxterminal: insecure /tmp usage for a socket file (unixsocket.c)
http://bugzilla.opensuse.org/show_bug.cgi?id=1038127

Bug ID: 1038127
Summary: VUL-1: CVE-2016-10369: lxterminal: insecure /tmp usage for a socket file (unixsocket.c)
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: mikhail.kasimov@gmail.com
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

Ref: https://nvd.nist.gov/vuln/detail/CVE-2016-10369

=====================================================
Description

unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

=====================================================
Hyperlink

[1] https://bugs.debian.org/862098
[2] https://unix.stackexchange.com/questions/333539/lxterminal-in-the-netstat-ou...
[3] https://security-tracker.debian.org/tracker/CVE-2016-10369
[4] https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f... (Fix)

(open-)SUSE: https://software.opensuse.org/package/lxterminal
0.3.0 (TW, official repo)
0.2.0 (42.{1,2}, official repo)

--
You are receiving this mail because:
You are on the CC list for the bug.
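An added example, not part of the bug report and not lxterminal's code: a check a program can run before binding a per-user Unix socket, accepting only a directory that the calling user owns and that nobody else can enter, instead of a predictable name in world-writable /tmp. The function names, the socket name and the use of XDG_RUNTIME_DIR are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: returns 1 only if `dir` is a real directory (not a
 * symlink), is owned by `uid`, and grants nothing to group or others. */
int socket_dir_is_private(const char *dir, uid_t uid)
{
    struct stat st;

    if (lstat(dir, &st) != 0)                 /* lstat: do not follow symlinks */
        return 0;
    if (!S_ISDIR(st.st_mode))                 /* symlinks and files are rejected */
        return 0;
    if (st.st_uid != uid)                     /* created by someone else */
        return 0;
    if (st.st_mode & (S_IRWXG | S_IRWXO))     /* reachable by other users */
        return 0;
    return 1;
}

/* Hypothetical helper: writes "<dir>/<name>" to `out` only when `dir` passes
 * the check above and `name` has no path separator. 0 on success, -1 otherwise. */
int build_socket_path(const char *dir, const char *name, char *out, size_t outlen)
{
    if (!socket_dir_is_private(dir, getuid()) || strchr(name, '/') != NULL)
        return -1;
    int n = snprintf(out, outlen, "%s/%s", dir, name);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

int main(void)
{
    /* Assumption: the session exports XDG_RUNTIME_DIR (a per-user directory). */
    const char *rt = getenv("XDG_RUNTIME_DIR");
    char path[108];                           /* size of sun_path on Linux */

    if (rt && build_socket_path(rt, "example-app.sock", path, sizeof path) == 0)
        printf("socket path: %s\n", path);
    else
        printf("no private runtime directory; not falling back to /tmp\n");
    return 0;
}
```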