FEDORA-EPEL-2019-d2c1368294

security update in Fedora EPEL 7 for cinnamon

Status: testing 4 months ago

A flaw was found in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face location. If an unprivileged user prepares a symlink pointing to an arbitrary location, then this location will be overwritten with the icon content.

Logout Required

After installing this update it is required that you logout of your current user session and log back in to ensure the changes supplied by this update are applied properly.

How to install

sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-EPEL-2019-d2c1368294

Comments 3

This update has been submitted for testing by jcpunk.

This update has been pushed to testing.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

Content Type
RPM
Status
testing
Test Gating
Submitted by
Update Type
security
Update Severity
high
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 4 months ago
in testing 4 months ago

Related Bugs 1

00 #1598495 CVE-2018-13054 cinnamon: privilege escalation in cinnamon-settings-users.py GUI [epel-7]

Automated Test Results