CVE-2016-10369

NameCVE-2016-10369
Descriptionunixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-935-1
Debian Bugs862098

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
lxterminal (PTS)bullseye0.4.0-1fixed
bookworm0.4.0-2fixed
forky, sid, trixie0.4.1-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
lxterminalsourcewheezy0.1.11-4+deb7u1DLA-935-1
lxterminalsourcejessie0.2.0-1+deb8u1
lxterminalsource(unstable)0.3.0-2low862098

Notes

Fixed by: https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648
Search for package or bug name: Reporting problems