Bug 20864 - pcmanfm new security issue CVE-2017-8934
Summary: pcmanfm new security issue CVE-2017-8934
Status: ASSIGNED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: advisory
Keywords:
Depends on:
Blocks:
 
Reported: 2017-05-16 00:10 CEST by David Walser
Modified: 2017-05-21 03:02 CEST (History)
2 users (show)

See Also:
Source RPM: pcmanfm-1.2.3-2.2.mga5.src.rpm
CVE: CVE-2017-8934
Status comment:


Attachments

Description David Walser 2017-05-16 00:10:20 CEST
A security issue fixed upstream in pcmanfm has been announced:
http://openwall.com/lists/oss-security/2017/05/15/4

Mageia 5 is probably also affected.
Comment 1 Nicolas Salguero 2017-05-16 10:35:19 CEST
Suggested advisory:
========================

The updated package fixes a security vulnerability:

PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (application unavailability). (CVE-2017-8934)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8934
http://openwall.com/lists/oss-security/2017/05/15/4
========================

Updated packages in core/updates_testing:
========================
pcmanfm-1.2.3-2.3.mga5

from SRPMS:
pcmanfm-1.2.3-2.3.mga5.src.rpm

Note You need to log in before you can comment on or make changes to this bug.