group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1690416] Re: [CVE] socket can be blocked by another user

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1690416@xxxxxxxxxxxxxxxxxx>
Date: Fri, 04 Aug 2017 01:04:21 -0000
Reply-to: Bug 1690416 <1690416@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package lxterminal - 0.2.0-1ubuntu0.1

---------------
lxterminal (0.2.0-1ubuntu0.1) xenial-security; urgency=high

  * SECURITY UPDATE: insecure /tmp use denial of service (LP: #1690416)
    - debian/patches/fix-CVE-2016-10369.patch
    - CVE-2016-10369

 -- Simon Quigley <tsimonq2@xxxxxxxxxx>  Tue, 11 Jul 2017 00:48:57 -0500

** Changed in: lxterminal (Ubuntu Xenial)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1690416

Title:
  [CVE] socket can be blocked by another user

Status in lxterminal package in Ubuntu:
  Fix Released
Status in lxterminal source package in Trusty:
  Confirmed
Status in lxterminal source package in Xenial:
  Fix Released
Status in lxterminal source package in Zesty:
  Fix Released
Status in lxterminal source package in Artful:
  Fix Released

Bug description:
  unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a
  socket file, allowing a local user to cause a denial of service
  (preventing terminal launch), or possibly have other impact (bypassing
  terminal access control).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxterminal/+bug/1690416/+subscriptions