[SECURITY] [DLA-1420-1] cinnamon security update

2018-07-13T08:52:10
ID DEBIAN:DLA-1420-1:732D3
Type debian
Reporter Debian
Modified 2018-07-13T08:52:10

Description

Package : cinnamon Version : 2.2.16-5+deb8u1 CVE ID : CVE-2018-13054 Debian Bug : #903201

It was discovered that there was a symlink attack in the Cinnamon desktop environment.

An attacker could overwrite an arbitrary file on the filesystem via a $HOME/.face icon file (as the cinnamon-settings-users.py GUI runs as root).

For Debian 8 "Jessie", this issue has been fixed in cinnamon version 2.2.16-5+deb8u1.

We recommend that you upgrade your cinnamon packages.

Regards,


  ,''`.
 : :'  :     Chris Lamb
 `. `'`      lamby@debian.org / chris-lamb.co.uk
   `-