ASA-201706-24 log generated external raw

[ASA-201706-24] lxterminal-gtk3: access restriction bypass
Arch Linux Security Advisory ASA-201706-24 ========================================== Severity: Medium Date : 2017-06-22 CVE-ID : CVE-2016-10369 Package : lxterminal-gtk3 Type : access restriction bypass Remote : No Link : Summary ======= The package lxterminal-gtk3 before version 0.3.0-2 is vulnerable to access restriction bypass. Resolution ========== Upgrade to 0.3.0-2. # pacman -Syu "lxterminal-gtk3>=0.3.0-2" The problem has been fixed upstream but no release is available yet. Workaround ========== None. Description =========== unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control). Impact ====== A local attacker might be able to cause a denial of service or bypass the terminal access control to gain privileges or access sensitive information. References ==========;a=commitdiff;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648