openSUSE Security Update: Security update for pcmanfm
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:10001-1
Rating:             moderate
References:         #1039140
Cross-References:   CVE-2017-8934
CVSS scores:
                    CVE-2017-8934 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    openSUSE Backports SLE-15-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for pcmanfm fixes the following issues:

update to 1.3.2:

* Fixed case when some keyboard shortcuts stopped working: Alt+Home, Alt+Up
* Fixed system reboot delayed for 90 seconds in some cases

new upstream release of pcmanfm 1.3.1

* fixed crash on reload while directory changes
* changed size of large thumbnails to 512
* added application/gzip to archivers.list
* added image/x-compressed-xcf to archivers.list
* allowed bigger sizes of icons and thumbnails

new upstream release of pcmanfm 1.3.0

* Fixed potential access violation, use runtime user dir instead of tmp dir for single instance socket. boo#1039140 CVE-2017-8934
* Fixed an issue with losing icons on desktop, when file name has a '[' char.
* Added a missing tooltip for 'New Window' toolbar button.
* Fixed an issue when single instance socket directory did not exist

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP3:

    zypper in -t patch openSUSE-2022-10001=1

Package List:

- openSUSE Backports SLE-15-SP3 (aarch64 ppc64le s390x x86_64):

    pcmanfm-1.3.2-bp153.2.3.1
    pcmanfm-devel-1.3.2-bp153.2.3.1

- openSUSE Backports SLE-15-SP3 (noarch):

    pcmanfm-lang-1.3.2-bp153.2.3.1

References:

https://www.suse.com/security/cve/CVE-2017-8934.html
https://bugzilla.suse.com/1039140

LinuxSecurity.com Team

Arch Linux Security Advisory ASA-201706-26
==========================================

Severity: Medium
Date    : 2017-06-22
CVE-ID  : CVE-2017-8934
Package : pcmanfm
Type    : denial of service
Remote  : No
Link    : https://security.archlinux.org/AVG-274

Summary
=======

The package pcmanfm before version 1.2.5-2 is vulnerable to denial of service.

Resolution
==========

Upgrade to 1.2.5-2.

# pacman -Syu "pcmanfm>=1.2.5-2"

The problem has been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

The socket placed in /tmp by pcmanfm is predictable and public-writable. Therefore if one user placed a symlink to another socket instead of socket for another user then said another user will either be unable to use pcmanfm, or may send requests to the first user's pcmanfm.

Impact
======

A local attacker might be able to cause a denial of service or trick the user into sending requests to another pcmanfm instance.

References
==========

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862571
;a=commitdiff;h=bc8c3d871e9ecc67c47ff002b68cf049793faf08
https://security.archlinux.org/CVE-2017-8934

LinuxSecurity.com Team

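The advisories above describe the flaw (a predictable socket name in world-writable /tmp) and the upstream remedy (a per-user runtime directory). The following C sketch is an added example, not pcmanfm's code: it shows the checks a single-instance program can make before placing its socket. The function names, the socket name "demo-socket" and the use of XDG_RUNTIME_DIR as the runtime directory are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* 0 if dir can safely hold a per-user socket: a real directory (lstat does
 * not follow symlinks), owned by the caller, closed to group and others. */
int socket_dir_is_private(const char *dir)
{
    struct stat st;

    if (lstat(dir, &st) != 0)
        return -1;                      /* missing or unreadable */
    if (!S_ISDIR(st.st_mode))
        return -1;                      /* symlink, file, socket, ... */
    if (st.st_uid != geteuid())
        return -1;                      /* someone else controls it */
    if (st.st_mode & (S_IRWXG | S_IRWXO))
        return -1;                      /* others could plant entries */
    return 0;
}

/* Build "<base>/<name>" into out; -1 if base is not private or name is unsafe. */
int build_socket_path(const char *base, const char *name, char *out, size_t outlen)
{
    size_t max = sizeof(((struct sockaddr_un *)0)->sun_path);
    int n;

    if (base == NULL || base[0] != '/' || name[0] == '\0' || strchr(name, '/'))
        return -1;
    if (socket_dir_is_private(base) != 0)
        return -1;
    n = snprintf(out, outlen, "%s/%s", base, name);
    return (n < 0 || (size_t)n >= outlen || (size_t)n >= max) ? -1 : 0;
}

int main(void)
{
    char path[108];
    /* Assumption: XDG_RUNTIME_DIR is the "runtime user dir"; name is hypothetical. */
    if (build_socket_path(getenv("XDG_RUNTIME_DIR"), "demo-socket", path, sizeof path) != 0) {
        fprintf(stderr, "no private runtime directory, refusing to fall back to /tmp\n");
        return 1;
    }
    printf("socket path: %s\n", path);
    return 0;
}
```

Because the accepted directory is owned by the caller and closed to everyone else, no other local user can replace the socket or pre-create a symlink between the check and the bind.
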
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-e9936d561b
2017-06-09 18:48:36.531419
--------------------------------------------------------------------------------

Name        : pcmanfm
Product     : Fedora 26
Version     : 1.2.5
Release     : 2.fc26
URL         :
Summary     : Extremely fast and lightweight file manager
Description :
PCMan File Manager is an extremely fast and lightweight file manager which features tabbed browsing and user-friendly interface.

--------------------------------------------------------------------------------
Update Information:

A potential security flaw is found on LXDE products, which create socket under /tmp with some predictable names, which may lead to DOS. The security flaw on lxterminal is now assigned as CVE-2016-10369. Some other components also had similar issues. These new rpms should fix these issues. At least relogin is required to make this fix take effect.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1449114 - CVE-2016-10369 lxterminal: Insecure use of /tmp for a socket file [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1449114
  [ 2 ] Bug #1451070 - CVE-2017-8933 menu-cache: Insecure temporary file creation in get_socket_name function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1451070
  [ 3 ] Bug #1451065 - CVE-2017-8934 pcmanfm: Insecure temporary file creation in get_socket_name function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1451065
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade pcmanfm' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-3f2d5790d2
2017-05-30 15:08:36.562803
--------------------------------------------------------------------------------

Name        : pcmanfm
Product     : Fedora 24
Version     : 1.2.5
Release     : 2.fc24
URL         :
Summary     : Extremely fast and lightweight file manager
Description :
PCMan File Manager is an extremely fast and lightweight file manager which features tabbed browsing and user-friendly interface.

--------------------------------------------------------------------------------
Update Information:

A potential security flaw is found on LXDE products, which create socket under /tmp with some predictable names, which may lead to DOS. The security flaw on lxterminal is now assigned as CVE-2016-10369. Some other components also had similar issues. These new rpms should fix these issues. At least relogin is required to make this fix take effect.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1449114 - CVE-2016-10369 lxterminal: Insecure use of /tmp for a socket file [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1449114
  [ 2 ] Bug #1451070 - CVE-2017-8933 menu-cache: Insecure temporary file creation in get_socket_name function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1451070
  [ 3 ] Bug #1451065 - CVE-2017-8934 pcmanfm: Insecure temporary file creation in get_socket_name function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1451065
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade pcmanfm' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-6950ea5d05
2017-05-17 03:56:11.755807
--------------------------------------------------------------------------------

Name        : pcmanfm
Product     : Fedora 25
Version     : 1.2.5
Release     : 2.fc25
URL         :
Summary     : Extremely fast and lightweight file manager
Description :
PCMan File Manager is an extremely fast and lightweight file manager which features tabbed browsing and user-friendly interface.

--------------------------------------------------------------------------------
Update Information:

A potential security flaw is found on LXDE products, which create socket under /tmp with some predictable names, which may lead to DOS. The security flaw on lxterminal is now assigned as CVE-2016-10369. Some other components also had similar issues. These new rpms should fix these issues. At least relogin is required to make this fix take effect.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1449114 - CVE-2016-10369 lxterminal: Insecure use of /tmp for a socket file [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1449114
  [ 2 ] Bug #1451070 - CVE-2017-8933 menu-cache: Insecure temporary file creation in get_socket_name function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1451070
  [ 3 ] Bug #1451065 - CVE-2017-8934 pcmanfm: Insecure temporary file creation in get_socket_name function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1451065
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade pcmanfm' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list