| Summary: | lxterminal new security issue CVE-2016-10369 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | lewyssmith, sysadmin-bugs, tarazed25 |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA5-64-OK MGA5-32-OK advisory | ||
| Source RPM: | lxterminal-0.3.0-4.mga6.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2017-05-09 16:29:58 CEST
David Walser
2017-05-09 16:30:04 CEST
Whiteboard:
(none) =>
MGA5TOO Done for Cauldron and Mga5. Suggested advisory: ======================== The updated package fix a security vulnerability: unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control). (CVE-2016-10369) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10369 http://openwall.com/lists/oss-security/2017/05/09/1 ======================== Updated packages in core/updates_testing: ======================== lxterminal-0.1.11-5.2.mga5 from SRPMS: lxterminal-0.1.11-5.2.mga5.src.rpm Version:
Cauldron =>
5 x86_64 on real hardware. Ran lxterminal from a Mate terminal using this command: $ lxterminal & sleep 1; lxterminal [1] 14711 $ ps aux | grep lxterm lcl 14711 0.3 0.3 432204 24304 pts/1 Sl 14:16 0:00 lxterminal lcl 14812 0.0 0.0 12256 2244 pts/1 S+ 14:17 0:00 grep lxterm This shows only one instance of lxterminal but in fact there are two active on screen. See https://unix.stackexchange.com/questions/333539/lxterminal-in-the-netstat-output/333578 for the discussion. Killed both and ran the update then the double lxterm command. $ lxterminal & sleep 1 ; lxterminal [1] 15617 /run/user/1000/.lxterminal-socket-:0 /run/user/1000/.lxterminal-socket-:0 [lcl@belexeuli ~]$ ps aux | grep lxterm lcl 15617 0.1 0.2 432212 24152 pts/1 Sl 14:25 0:00 lxterminal lcl 15732 0.0 0.0 12256 2268 pts/1 S+ 14:26 0:00 grep lxterm Typing exit in the two terminals does not remove the socket but if the double command is issued again the socket is overwritten, or maybe reused. The datestamp changes. First time: $ ls -al /run/user/1000 srwxr-xr-x 1 lcl lcl 0 May 10 15:03 .lxterminal-socket-:0 Second time: srwxr-xr-x 1 lcl lcl 0 May 10 15:05 .lxterminal-socket-:0 Not sure of the significance of this but taking this as a sign that the socket allocation is more secure. CC:
(none) =>
tarazed25
Len Lawrence
2017-05-10 16:32:11 CEST
Whiteboard:
(none) =>
MGA5-64-OK i586 in virtualbox Ran the command $ lxterminal & sleep 1; lxterminal which generated two lxterms but only one showed up in the list of processes. After updating the command showed that a socket in /run/user/1000 was being used for both lxterms. $ lxterminal & sleep 1 ; lxterminal [1] 22248 /run/user/1000/.lxterminal-socket-:0.0 /run/user/1000/.lxterminal-socket-:0.0 The terminal works as expected. Giving this the OK.
Len Lawrence
2017-05-10 16:42:16 CEST
Whiteboard:
MGA5-64-OK =>
MGA5-64-OK MGA5-32-OK @Len: a good once again! Validating & advisoried. Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0138.html Resolution:
(none) =>
FIXED |