FEDORA-EPEL-2019-d2c1368294 created by jcpunk 8 months ago for Fedora EPEL 7
stable

A flaw was found in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face location. If an unprivileged user prepares a symlink pointing to an arbitrary location, then this location will be overwritten with the icon content.

Logout Required
After installing this update it is required that you logout of your current user session and log back in to ensure the changes supplied by this update are applied properly.

This update has been submitted for testing by jcpunk. 8 months ago
This update has been pushed to testing. 8 months ago
This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes 7 months ago
This update's test gating status has been changed to 'greenwave_failed'. 3 months ago
This update's test gating status has been changed to 'ignored'. 3 months ago
This update's test gating status has been changed to 'greenwave_failed'. 3 months ago
This update's test gating status has been changed to 'ignored'. 3 months ago
This update has been submitted for stable by jcpunk. a month ago
This update has been pushed to stable. a month ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Dates
submitted
8 months ago
in testing
8 months ago
in stable
a month ago
BZ#1598495 CVE-2018-13054 cinnamon: privilege escalation in cinnamon-settings-users.py GUI [epel-7]
0
0

Automated Test Results