A potential security flaw is found on LXDE products, which create socket under /tmp with some predictable names, which may leads to DOS. The security flow on lxterminal is now assigned as CVE-2016-10369. Some other components also had similar issues.
These new rpms should fix these issues.
At least relogin is required to make this fix effect.
sudo dnf upgrade --advisory=FEDORA-2017-e9936d561b
|submitted||2 years ago|
|in testing||2 years ago|
|in stable||2 years ago|
|modified||2 years ago|
|0||0||#1449114 CVE-2016-10369 lxterminal: Insecure use of /tmp for a socket file [fedora-all]|
|0||0||#1451065 CVE-2017-8934 pcmanfm: Insecure temporary file creation in get_socket_name function [fedora-all]|
|0||0||#1451070 CVE-2017-8933 menu-cache: Insecure temporary file creation in get_socket_name function [fedora-all]|