| Thread Previous • Date Previous • Date Next • Thread Next |
This bug was fixed in the package menu-cache - 1.0.2-1ubuntu0.1
---------------
menu-cache (1.0.2-1ubuntu0.1) zesty-security; urgency=medium
* SECURITY UPDATE: Socket may be blocked by another user (LP: #1703564)
- fix-CVE-2017-8933.patch
- CVE-2017-8933
-- Simon Quigley <tsimonq2@xxxxxxxxxx> Wed, 09 Aug 2017 08:42:38 -0500
** Changed in: menu-cache (Ubuntu Zesty)
Status: Fix Committed => Fix Released
** Changed in: menu-cache (Ubuntu Trusty)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1703564
Title:
[CVE] Socket may be blocked by another user
Status in menu-cache package in Ubuntu:
Fix Released
Status in menu-cache source package in Trusty:
Fix Released
Status in menu-cache source package in Xenial:
Fix Released
Status in menu-cache source package in Zesty:
Fix Released
Bug description:
The socket placed in /tmp is predictable and public-writable. Therefore
if one user placed a symlink to another socket instead of socket for
another use then said another user will either be unable to get menu, or
will receive menu of some other user. Upstream released a fix for this
issue:
https://git.lxde.org/gitweb/?p=lxde/menu-
cache.git;a=commitdiff;h=56f66684592abf257c4004e6e1fff041c64a12ce
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/menu-cache/+bug/1703564/+subscriptions
| Thread Previous • Date Previous • Date Next • Thread Next |
