Ubuntu 16.04 ESM / 18.04 ESM : Cinnamon vulnerability (USN-4844-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4844-1 advisory. Matthias Gerstner discovered that the cinnamon-settings-users utility in Cinnamon did not safely handle symlinks. An unprivileged attacker could...

SUSE CVE-2018-13054

An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of for example other users' icon files in onfacebrowsemenuitemactivated and onfacemenuitemactivated. These icon files are written to the respective user's $HOME/.face...

Mageia: Security Advisory (MGASA-2019-0063)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : cinnamon (openSUSE-2019-534)

This update for cinnamon fixes the following issues : Security issue fixed : - CVE-2018-13054: Fix symlink attack vulnerability boo1083067. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

openSUSE: Security Advisory for cinnamon (openSUSE-SU-2018:2121-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : cinnamon (openSUSE-2018-768)

This update for cinnamon fixes the following issues : Security issue fixed : - CVE-2018-13054: Fix symlink attack vulnerability boo1083067. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

openSUSE Security Update : cinnamon (openSUSE-2018-767)

This update for cinnamon fixes the following issues : Security issue fixed : - CVE-2018-13054: Fix symlink attack vulnerability boo1083067. Bug fixes : - Update to version 3.4.6 changes since 3.4.4 : - osdWindow.js: Always check the theme node on first showing - an actor's width isn't necessarily...

openSUSE: Security Advisory for cinnamon (openSUSE-SU-2018:2125-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for cinnamon (moderate)

This update for cinnamon fixes the following issues: Security issue fixed: - CVE-2018-13054: Fix symlink attack vulnerability boo1083067. Bug fixes: - Update to version 3.4.6 changes since 3.4.4: osdWindow.js: Always check the theme node on first showing - an actor's width isn't necessarily fille...

Fedora 27 : cinnamon (2018-64af4d2108)

Fix CVE-2018-13054 cinnamon: privilege escalation in cinnamon-settings-users.py GUI Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible witho...

Fedora Update for cinnamon FEDORA-2018-c785c43a8f

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2018-13054

CVE-2018-13054 affects Cinnamon 1.9.2–3.8.6 where cinnamon-settings-users.py runs as root and can overwrite any user’s ~/.face via symlink pointing to an arbitrary location, enabling a possible privilege escalation. Connected advisories (openSUSE, Fedora, SUSE, Mageia, Ubuntu) report a fix for th...