group.of.nepali.translators team mailing list archive
Message #05277
[Bug 1595507] Re: World readable X11 Cookie key logger
This bug was fixed in the package kinit - 5.18.0-0ubuntu1.1
---------------
kinit (5.18.0-0ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: World readable X11 Cookie permissions problem
    (LP: #1595507)
    - add upstream_permissions-of-tmp-xauth-xxx-_y.diff
    - add upstream_Fix-race-in-which-the-file-containing-the-X11-cookie.diff
    - CVE-2016-3100
  * Update the Vcs URLs now that the repositories are hosted on
    Launchpad

 -- Philip Muškovac <yofel@xxxxxxxxxxx>  Fri, 24 Jun 2016 15:56:13 -0700

** Changed in: kinit (Ubuntu Xenial)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1595507
Title:
World readable X11 Cookie key logger
Status in kinit package in Ubuntu:
Fix Released
Status in kinit source package in Xenial:
Fix Released
Bug description:
KDE Project Security Advisory
=============================
Title: kinit: World readable X11 Cookie key logger
Risk Rating: Important
CVE: CVE-2016-3100
Platforms: X11
Versions: kinit < 5.23
Author: Siddharth Sharma siddharth.kde@xxxxxxxxx
Date: 21 June 2016
Overview
========
An authorized user can log key events of other users by accessing
the world-readable X11 cookie.
Impact
======
A pre-authenticated attacker can read all key events by the users logged on
to the system.
Workaround
==========
None
Solution
========
For kinit apply the following patches:
https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd
https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=72f3702dbe6cf15c06dc13da2c99c864e9022a58
References
==========
https://bugs.kde.org/show_bug.cgi?id=358593
https://bugs.kde.org/show_bug.cgi?id=363140
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: kinit 5.18.0-0ubuntu1
ProcVersionSignature: Ubuntu 4.4.0-24.43-generic 4.4.10
Uname: Linux 4.4.0-24-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.1
Architecture: amd64
CurrentDesktop: KDE
Date: Thu Jun 23 14:06:42 2016
InstallationDate: Installed on 2016-02-11 (132 days ago)
InstallationMedia: Ubuntu 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805)
SourcePackage: kinit
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kinit/+bug/1595507/+subscriptions
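
The following audit check is an added example, not part of the original message and not the upstream kinit patch: it lists cookie files in a directory that are readable by group or other, and shows a creation routine that makes the file owner-only from the moment it exists. The `xauth-` file name prefix and the `/tmp` location are assumptions taken from the patch name in the changelog above; the function names are hypothetical.

```python
import os
import stat
import tempfile

# Assumption: cookie files are named "xauth-*" and live in /tmp, inferred from
# the patch name "permissions-of-tmp-xauth-xxx-_y" in the changelog.
COOKIE_PREFIX = "xauth-"


def find_exposed_cookies(directory="/tmp", prefix=COOKIE_PREFIX):
    """Return (path, octal mode, uid) for cookie files readable by group/other."""
    exposed = []
    for entry in os.scandir(directory):
        if not entry.name.startswith(prefix):
            continue
        try:
            st = entry.stat(follow_symlinks=False)  # lstat: ignore planted symlinks
        except OSError:
            continue  # file vanished between listing and stat
        if not stat.S_ISREG(st.st_mode):
            continue
        if st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
            exposed.append((entry.path, oct(stat.S_IMODE(st.st_mode)), st.st_uid))
    return sorted(exposed)


def create_cookie_file(directory, prefix=COOKIE_PREFIX):
    """Create a cookie file that is owner-only from its first instant.
    mkstemp opens with O_CREAT|O_EXCL and mode 0600, so there is no window
    between creation and a later chmod in which another user could open it.
    """
    return tempfile.mkstemp(prefix=prefix, dir=directory)


def demo():
    # Constructed sample: one deliberately loose file, one created safely.
    with tempfile.TemporaryDirectory() as d:
        loose = os.path.join(d, "xauth-1000-_0")
        with open(loose, "w") as f:
            f.write("constructed-cookie")
        os.chmod(loose, 0o644)
        fd, _safe = create_cookie_file(d)
        os.close(fd)
        return [(os.path.basename(p), m) for p, m, _ in find_exposed_cookies(d)]


if __name__ == "__main__":
    for path, mode, uid in find_exposed_cookies():
        print(f"{path} mode={mode} uid={uid}")
```

On a patched system the scan should print nothing; any line it prints identifies a cookie file whose mode still grants read access beyond its owner.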