This bug was fixed in the package menu-cache - 1.0.2-1ubuntu0.1 --------------- menu-cache (1.0.2-1ubuntu0.1) zesty-security; urgency=medium
* SECURITY UPDATE: Socket may be blocked by another user (LP: #1703564) - fix-CVE-2017-8933.patch - CVE-2017-8933 -- Simon Quigley <tsimo...@ubuntu.com> Wed, 09 Aug 2017 08:42:38 -0500 ** Changed in: menu-cache (Ubuntu Zesty) Status: Fix Committed => Fix Released ** Changed in: menu-cache (Ubuntu Trusty) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1703564 Title: [CVE] Socket may be blocked by another user Status in menu-cache package in Ubuntu: Fix Released Status in menu-cache source package in Trusty: Fix Released Status in menu-cache source package in Xenial: Fix Released Status in menu-cache source package in Zesty: Fix Released Bug description: The socket placed in /tmp is predictable and public-writable. Therefore if one user placed a symlink to another socket instead of socket for another use then said another user will either be unable to get menu, or will receive menu of some other user. Upstream released a fix for this issue: https://git.lxde.org/gitweb/?p=lxde/menu- cache.git;a=commitdiff;h=56f66684592abf257c4004e6e1fff041c64a12ce To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/menu-cache/+bug/1703564/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp