Advisories » MGASA-2017-0138

Updated lxterminal package fixes security vulnerability

Publication date: 10 May 2017
Modification date: 10 May 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-10369

Description

unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a
socket file, allowing a local user to cause a denial of service
(preventing terminal launch), or possibly have other impact (bypassing
terminal access control). (CVE-2016-10369)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20815
• http://openwall.com/lists/oss-security/2017/05/09/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10369

SRPMS

5/core

• lxterminal-0.1.11-5.2.mga5