← Back to team overview

group.of.nepali.translators team mailing list archive

[Bug 1703564] Re: [CVE] Socket may be blocked by another user

 

This bug was fixed in the package menu-cache - 1.0.2-1ubuntu0.1

---------------
menu-cache (1.0.2-1ubuntu0.1) zesty-security; urgency=medium

  * SECURITY UPDATE: Socket may be blocked by another user (LP: #1703564)
    - fix-CVE-2017-8933.patch
    - CVE-2017-8933

 -- Simon Quigley <tsimonq2@xxxxxxxxxx>  Wed, 09 Aug 2017 08:42:38 -0500

** Changed in: menu-cache (Ubuntu Zesty)
       Status: Fix Committed => Fix Released

** Changed in: menu-cache (Ubuntu Trusty)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1703564

Title:
  [CVE] Socket may be blocked by another user

Status in menu-cache package in Ubuntu:
  Fix Released
Status in menu-cache source package in Trusty:
  Fix Released
Status in menu-cache source package in Xenial:
  Fix Released
Status in menu-cache source package in Zesty:
  Fix Released

Bug description:
  The socket placed in /tmp is predictable and public-writable. Therefore
  if one user placed a symlink to another socket instead of socket for
  another use then said another user will either be unable to get menu, or
  will receive menu of some other user. Upstream released a fix for this
  issue:

  https://git.lxde.org/gitweb/?p=lxde/menu-
  cache.git;a=commitdiff;h=56f66684592abf257c4004e6e1fff041c64a12ce

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/menu-cache/+bug/1703564/+subscriptions