group.of.nepali.translators team mailing list archive
Message #05176
[Bug 1595507] [NEW] World readable X11 Cookie key logger
Public bug reported:
KDE Project Security Advisory
=============================
Title: kinit: World readable X11 Cookie key logger
Risk Rating: Important
CVE: CVE-2016-3100
Platforms: X11
Versions: kinit < 5.23
Author: Siddharth Sharma siddharth.kde@xxxxxxxxx
Date: 21 June 2016
Overview
========
An authorized user can log the key events of other users by accessing a
world-readable X11 cookie.
Impact
======
A pre-authenticated attacker can read all key events of the users logged on
to the system.
Workaround
==========
None
Solution
========
For kinit apply the following patches:
https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd
https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=72f3702dbe6cf15c06dc13da2c99c864e9022a58
References
==========
https://bugs.kde.org/show_bug.cgi?id=358593
https://bugs.kde.org/show_bug.cgi?id=363140
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: kinit 5.18.0-0ubuntu1
ProcVersionSignature: Ubuntu 4.4.0-24.43-generic 4.4.10
Uname: Linux 4.4.0-24-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: KDE
Date: Thu Jun 23 14:06:42 2016
InstallationDate: Installed on 2016-02-11 (132 days ago)
InstallationMedia: Ubuntu 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805)
SourcePackage: kinit
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: kinit (Ubuntu)
Importance: High
Assignee: Philip Muškovac (yofel)
Status: New
** Affects: kinit (Ubuntu Xenial)
Importance: High
Assignee: Philip Muškovac (yofel)
Status: New
** Tags: amd64 apport-bug xenial
** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3100
** Changed in: kinit (Ubuntu)
Importance: Undecided => High
** Changed in: kinit (Ubuntu)
Assignee: (unassigned) => Philip Muškovac (yofel)
** Also affects: kinit (Ubuntu Xenial)
Importance: Undecided
Status: New
** Changed in: kinit (Ubuntu Xenial)
Importance: Undecided => High
** Changed in: kinit (Ubuntu Xenial)
Assignee: (unassigned) => Philip Muškovac (yofel)
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1595507
Title:
World readable X11 Cookie key logger
Status in kinit package in Ubuntu:
New
Status in kinit source package in Xenial:
New
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kinit/+bug/1595507/+subscriptions
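An audit for the condition the advisory describes, added here as an example (it is not code from the advisory or from kinit): it walks a directory chosen by the caller and reports regular files that are readable by "other" and parse as Xauthority data holding a MIT-MAGIC-COOKIE-1 entry. It assumes the cookie is stored in the standard Xauthority file format; the function names are hypothetical, and cookie values are never printed.

```python
import os
import stat
import struct
import sys

COOKIE_AUTH = b"MIT-MAGIC-COOKIE-1"

def parse_xauthority(data):
    """Return the auth-protocol name of each entry in an Xauthority blob.

    An entry is a 2-byte family plus four length-prefixed fields (address,
    display number, auth name, auth data); lengths are big-endian 16-bit.
    """
    names, pos = [], 0
    while pos < len(data):
        pos += 2  # skip the family field
        fields = []
        for _ in range(4):
            if pos + 2 > len(data):
                raise ValueError("truncated length")
            (n,) = struct.unpack_from(">H", data, pos)
            pos += 2
            if pos + n > len(data):
                raise ValueError("truncated field")
            fields.append(data[pos:pos + n])
            pos += n
        names.append(fields[2])
    return names

def find_exposed_cookies(root):
    """List (path, octal mode) of cookie files under root readable by 'other'."""
    exposed = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_IROTH:
                    continue
                with open(path, "rb") as fh:
                    data = fh.read(65536)
                if COOKIE_AUTH in parse_xauthority(data):
                    exposed.append((path, oct(stat.S_IMODE(st.st_mode))))
            except (OSError, ValueError):
                continue  # unreadable, or not an Xauthority file
    return exposed

if __name__ == "__main__" and len(sys.argv) > 1:
    print(find_exposed_cookies(sys.argv[1]))
```

The check looks at file mode bits only; a parent directory without search permission for other users still blocks access, so review flagged paths together with their directory permissions.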