
group.of.nepali.translators team mailing list archive

[Bug 1595507] Re: World readable X11 Cookie key logger

 

This bug was fixed in the package kinit - 5.18.0-0ubuntu1.1

---------------
kinit (5.18.0-0ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: World readable X11 Cookie permissions problem
    (LP: #1595507)
    - add upstream_permissions-of-tmp-xauth-xxx-_y.diff
    - add upstream_Fix-race-in-which-the-file-containing-the-X11-cookie.diff
    - CVE-2016-3100
  * Update the Vcs URLs now that the repositories are hosted on
    Launchpad

 -- Philip Muškovac <yofel@xxxxxxxxxxx>  Fri, 24 Jun 2016 15:56:13 -0700

** Changed in: kinit (Ubuntu Xenial)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1595507

Title:
  World readable X11 Cookie key logger

Status in kinit package in Ubuntu:
  Fix Released
Status in kinit source package in Xenial:
  Fix Released

Bug description:
  KDE Project Security Advisory
  =============================

  Title:          kinit: World readable X11 Cookie key logger
  Risk Rating:    Important
  CVE:            CVE-2016-3100
  Platforms:      X11
  Versions:       kinit < 5.23
  Author:         Siddharth Sharma siddharth.kde@xxxxxxxxx
  Date:           21 June 2016

  Overview
  ========

  An authorized user can log key events of other users by accessing the
  world-readable X11 cookie.

  
  Impact
  ======

  A pre-authenticated attacker can read all key events of the users logged on
  to the system.

  Workaround
  ==========

  None

  Solution
  ========

  For kinit apply the following patches:
  https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd
  https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=72f3702dbe6cf15c06dc13da2c99c864e9022a58

  References
  ==========

  https://bugs.kde.org/show_bug.cgi?id=358593
  https://bugs.kde.org/show_bug.cgi?id=363140

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: kinit 5.18.0-0ubuntu1
  ProcVersionSignature: Ubuntu 4.4.0-24.43-generic 4.4.10
  Uname: Linux 4.4.0-24-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.1
  Architecture: amd64
  CurrentDesktop: KDE
  Date: Thu Jun 23 14:06:42 2016
  InstallationDate: Installed on 2016-02-11 (132 days ago)
  InstallationMedia: Ubuntu 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805)
  SourcePackage: kinit
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kinit/+bug/1595507/+subscriptions
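
A check for the condition this advisory describes, as an added example that is not part of the original message or of kinit: it lists X11 cookie files that grant any access to group or other. The `xauth-*` name pattern and the default `/tmp` directory are assumptions taken from the patch file name above, and the function name is hypothetical; it needs GNU find and stat.

```shell
#!/bin/sh
# Audit X11 cookie files for group/other permission bits.
# Assumption: cookie files are named xauth-* and sit directly in the
# scanned directory (pattern inferred from the patch file name
# "permissions-of-tmp-xauth-xxx-_y"; adjust for your system).

# audit_xauth_perms [DIR]   (hypothetical helper name)
# Prints "MODE OWNER PATH" for every xauth-* regular file in DIR that
# grants any permission to group or other.
# Returns 0 if no such file exists, 1 if at least one does,
# 2 if DIR is not a directory.
audit_xauth_perms() {
    dir=${1:-/tmp}
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    # -perm /077 (GNU find) matches when ANY group/other bit is set,
    # so 0644, 0640 and 0604 are all reported while 0600 is not.
    found=$(find "$dir" -maxdepth 1 -type f -name 'xauth-*' -perm /077 \
                -exec stat -c '%a %U %n' {} + 2>/dev/null)
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

# Typical call on a multi-user host:
#   audit_xauth_perms /tmp || echo "cookie files readable beyond owner"
```

A non-zero result on a host running an affected kinit means the cookie is exposed to other local accounts; after installing the fixed package, the user has to log out and back in before a new cookie file is written.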

