[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA-1420-1] cinnamon security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : cinnamon
Version        : 2.2.16-5+deb8u1
CVE ID         : CVE-2018-13054
Debian Bug     : #903201

It was discovered that there was a symlink attack in the Cinnamon
desktop environment.

An attacker could overwrite an arbitrary file on the filesystem via
a $HOME/.face icon file (as the cinnamon-settings-users.py GUI runs
as root).

For Debian 8 "Jessie", this issue has been fixed in cinnamon version
2.2.16-5+deb8u1.

We recommend that you upgrade your cinnamon packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAltIaBsACgkQHpU+J9Qx
HlgISw//QzvO4+yb23ZbpZz9YiKtJxtJgwJmuw9xauh4mDpadvDZ+i6BBVlP72MZ
joVI9Xo+pwpq/1UzDcUJ2cndhUhpGzACT43SvGR3N/Rv01WtNP1VZzJsR4zzmMTO
jwBXDeFi8HGxj9V+F3YBpyrEAOXnpCCsuVMy3GD8fyaSvFWfRfIrQuwzjn4xWQQR
b86WUJgkuzOmG9F8Mizz8UVYICDRU92mwpJMY2sLnBjYLR+6d4GFPdnsOR3rYEql
p5oOMvIygV6dY5FI4HpwjrRkRqXlBJuygHBvjcuaU+Dipp7r0nw0ICJgpPleL37H
AsJ/9KjHrbPtK0S42r1XDMQc69MragQ1tMyrdxjOfBaN/ItGl4QSuEVAKRbSwTx/
6p8jxhV5aq7ZesY+vQRzPSj5CG48M+beUKbl8XfNQr0QEpXAtfEO74TlWTI6YNr5
rET/fjJtTWWJRTPO5JAmb51EHEW9SDi6sS0AB6dqTIc6UiTl2+IxSPIlnnVidMt6
WaNVCFq7gYSReHofn+tfhGf1cWtx7snrn0OWRnx9mvZS5JYOhYlVY9PyrwvgUkgH
7T3cHV0rv8HM3lV1Ii82iVOpAzveQy2iGUNPzKRPZDYQnQUqQCCqI2Ec8GgFK+Nk
Xqmyxb7pai5qVZf0t2L5LLLRgNr0YLr2EskcSLkCjgWXDX0k22E=
=oDiZ
-----END PGP SIGNATURE-----
Reply to: