Package: release.debian.org Severity: normal Tags: jessie User: [email protected] Usertags: pu
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hi, I'd like to upload a fix for CVE-2016-10369 to jessie. CVE-2016-10369: unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control). - -- System Information: Debian Release: 9.0 APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -----BEGIN PGP SIGNATURE----- iQJCBAEBCAAsFiEE/tVDSEUoffJikxSJz7v84LdPGxQFAlkRn5kOHG13ZWlAbHhk ZS5vcmcACgkQz7v84LdPGxT8TQ//a7wIYT1/SdKVzKVvY+pdMjXCKV1UdlAucAqm Tqo7VatIHhxj/0yv5DmtGG+bshAuqbmtmMRnITOt3FB5k3+Y+mT+ouGpDsTZFbgF SIj/Z/XWDhsybgpS6AGjG2ERZtuDNH5LjcmyDTR0ZmkhC7RtDujdlSJUWx7PBnt1 O7zl1N6RCesitENpYgRMfmc7Gd+AjuP3hwOpOdTOt++WLIhoyHGXoR6EzIzQTYTM p6aUSDwQcOOqtlPZHUuBi4qQukMmD5xyZ/6/hfdYGdKyqWkTM7Dl+UXcRhYZQmAc BfxDO3GoV495AZkBmGafn67z2ryrtHICRynVVF3B5PRlL5Hx5uh/6ifB0iRmzHwd djtfYvW5zwLsDCNIspnV3rw5ONTq6TSJYWy/bcsLL4fjuNCYsQsW6/xj5BnLP6qh cIe0IBe+YPtD66pM9AO9zexakKvGR9L4WouzOxYcofN+YnKEUtUldMdVu0rorROj qsTPrUlUc5eJMlWE6z4jL/9MZTevwCPHfuyKSN606DqaAI0uZn9Uh5AFzREmcU3/ b7RYcgDDqJqWpepu9FyE6lYnUsRA44L1GJek/fL0Cn+OGN8FMGTHfHT1pSNolWFs ZbG6uSbTnBWj1LOJg7tHzau/u6BiPkpcmCLclfWZTa1+HAF/oRcJKJcqDTrisXb2 ieiUO4Q= =ZPa6 -----END PGP SIGNATURE-----
diff -Nru lxterminal-0.2.0/debian/changelog lxterminal-0.2.0/debian/changelog --- lxterminal-0.2.0/debian/changelog 2014-10-22 06:18:50.000000000 +0800 +++ lxterminal-0.2.0/debian/changelog 2017-05-09 11:37:21.000000000 +0800 @@ -1,3 +1,10 @@ +lxterminal (0.2.0-1+deb8u1) jessie-security; urgency=high + + * Fix improper use of /tmp for a socket file (CVE-2016-10369) + (Closes: #862098) + + -- Yao Wei (魏銘廷) <[email protected]> Tue, 09 May 2017 11:37:21 +0800 + lxterminal (0.2.0-1) unstable; urgency=low * Adding --disable-silent-rules to fix buildlog checker warning. diff -Nru lxterminal-0.2.0/debian/patches/01-cve-2016-10369.diff lxterminal-0.2.0/debian/patches/01-cve-2016-10369.diff --- lxterminal-0.2.0/debian/patches/01-cve-2016-10369.diff 1970-01-01 08:00:00.000000000 +0800 +++ lxterminal-0.2.0/debian/patches/01-cve-2016-10369.diff 2017-05-09 11:37:21.000000000 +0800 @@ -0,0 +1,19 @@ +From: Yao Wei (魏銘廷) <[email protected]> +Subject: fix: CVE-2016-10369: socket can be blocked by another user + +* fix: use g_get_user_runtime_dir for socket directory + +Origin: upstream, https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648 +Bug-Debian: http://bugs.debian.org/862098 + +--- a/src/unixsocket.c ++++ b/src/unixsocket.c +@@ -120,7 +120,7 @@ + * This function returns TRUE if this process should keep running and FALSE if it should exit. */ + + /* Formulate the path for the Unix domain socket. */ +- gchar * socket_path = g_strdup_printf("/tmp/.lxterminal-socket%s-%s", gdk_get_display(), g_get_user_name()); ++ gchar * socket_path = g_strdup_printf("%s/.lxterminal-socket-%s", g_get_user_runtime_dir(), gdk_display_get_name(gdk_display_get_default())); + + /* Create socket. */ + int fd = socket(PF_UNIX, SOCK_STREAM, 0); diff -Nru lxterminal-0.2.0/debian/patches/series lxterminal-0.2.0/debian/patches/series --- lxterminal-0.2.0/debian/patches/series 2014-10-22 05:56:19.000000000 +0800 +++ lxterminal-0.2.0/debian/patches/series 2017-05-09 11:37:21.000000000 +0800 @@ -0,0 +1 @@ +01-cve-2016-10369.diff
