[CVE] Socket may be blocked by another user
Bug #1703564 reported by
Simon Quigley
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| menu-cache (Ubuntu) |
Fix Released
|
Medium
|
Unassigned | ||
| Trusty |
Fix Released
|
Medium
|
Simon Quigley | ||
| Xenial |
Fix Released
|
Medium
|
Simon Quigley | ||
| Zesty |
Fix Released
|
Medium
|
Simon Quigley | ||
Bug Description
The socket placed in /tmp is predictable and public-writable. Therefore
if one user placed a symlink to another socket instead of socket for
another use then said another user will either be unable to get menu, or
will receive menu of some other user. Upstream released a fix for this
issue:
CVE References
| information type: | Public → Public Security |
| Changed in menu-cache (Ubuntu): | |
| assignee: | nobody → Simon Quigley (tsimonq2) |
| status: | New → In Progress |
| summary: |
- Socket may be blocked by another user + [CVE] Socket may be blocked by another user |
| Changed in menu-cache (Ubuntu Trusty): | |
| importance: | Undecided → Medium |
| Changed in menu-cache (Ubuntu Xenial): | |
| importance: | Undecided → Medium |
| Changed in menu-cache (Ubuntu Zesty): | |
| importance: | Undecided → Medium |
| Changed in menu-cache (Ubuntu): | |
| importance: | Undecided → Medium |
| Changed in menu-cache (Ubuntu Trusty): | |
| assignee: | nobody → Simon Quigley (tsimonq2) |
| Changed in menu-cache (Ubuntu Xenial): | |
| assignee: | nobody → Simon Quigley (tsimonq2) |
| Changed in menu-cache (Ubuntu Zesty): | |
| assignee: | nobody → Simon Quigley (tsimonq2) |
| Changed in menu-cache (Ubuntu): | |
| assignee: | Simon Quigley (tsimonq2) → nobody |
| status: | In Progress → Fix Released |
| Changed in menu-cache (Ubuntu Trusty): | |
| status: | New → In Progress |
| Changed in menu-cache (Ubuntu Xenial): | |
| status: | New → Incomplete |
| status: | Incomplete → In Progress |
| Changed in menu-cache (Ubuntu Zesty): | |
| status: | New → In Progress |
Revision history for this message
| Simon Quigley (tsimonq2) wrote | #1 |
Revision history for this message
| Simon Quigley (tsimonq2) wrote | #2 |
Revision history for this message
| Simon Quigley (tsimonq2) wrote | #3 |
Revision history for this message
| Marc Deslauriers (mdeslaur) wrote | #4 |
| Changed in menu-cache (Ubuntu Trusty): | |
| status: | In Progress → Fix Committed |
| Changed in menu-cache (Ubuntu Xenial): | |
| status: | In Progress → Fix Committed |
| Changed in menu-cache (Ubuntu Zesty): | |
| status: | In Progress → Fix Committed |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #5 |
| Changed in menu-cache (Ubuntu Xenial): | |
| status: | Fix Committed → Fix Released |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #6 |
| Changed in menu-cache (Ubuntu Zesty): | |
| status: | Fix Committed → Fix Released |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #7 |
| Changed in menu-cache (Ubuntu Trusty): | |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
Attached is a debdiff for Zesty applicable to 1.0.2-1. I have tested this on a fresh Lubuntu 17.04 install and it works fine.