CVE-2016-10369

NameCVE-2016-10369
Descriptionunixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-935-1
Debian Bugs862098

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
lxterminal (PTS)buster0.3.2-1fixed
bullseye0.4.0-1fixed
sid, trixie, bookworm0.4.0-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
lxterminalsourcewheezy0.1.11-4+deb7u1DLA-935-1
lxterminalsourcejessie0.2.0-1+deb8u1
lxterminalsource(unstable)0.3.0-2low862098

Notes

Fixed by: https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648

Search for package or bug name: Reporting problems