Explore top 10 tips to secure your open-source projects now. Read More
×
Arch Linux Security Advisory ASA-201706-25 ========================================= Severity: Medium Date : 2017-06-22 CVE-ID : CVE-2016-10369 Package : lxterminal Type : access restriction bypass Remote : No Link : https://security.archlinux.org/AVG-264 Summary ====== The package lxterminal before version 0.3.0-2 is vulnerable to access restriction bypass. Resolution ========= Upgrade to 0.3.0-2. # pacman -Syu "lxterminal>=0.3.0-2" The problem has been fixed upstream but no release is available yet. Workaround ========= None. Description ========== unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control). Impact ===== A local attacker might be able to cause a denial of service or bypass the terminal access control to gain privileges or access sensitive information. References ========= ;a=commitdiff;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648 https://unix.stackexchange.com/questions/333539/lxterminal-in-the-netstat-output/333578 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862098 https://security.archlinux.org/CVE-2016-10369