[SECURITY] [DLA-1420-1] cinnamon security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : cinnamon
Version : 2.2.16-5+deb8u1
CVE ID : CVE-2018-13054
Debian Bug : #903201
It was discovered that there was a symlink attack in the Cinnamon
desktop environment.
An attacker could overwrite an arbitrary file on the filesystem via
a $HOME/.face icon file (as the cinnamon-settings-users.py GUI runs
as root).
For Debian 8 "Jessie", this issue has been fixed in cinnamon version
2.2.16-5+deb8u1.
We recommend that you upgrade your cinnamon packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAltIaBsACgkQHpU+J9Qx
HlgISw//QzvO4+yb23ZbpZz9YiKtJxtJgwJmuw9xauh4mDpadvDZ+i6BBVlP72MZ
joVI9Xo+pwpq/1UzDcUJ2cndhUhpGzACT43SvGR3N/Rv01WtNP1VZzJsR4zzmMTO
jwBXDeFi8HGxj9V+F3YBpyrEAOXnpCCsuVMy3GD8fyaSvFWfRfIrQuwzjn4xWQQR
b86WUJgkuzOmG9F8Mizz8UVYICDRU92mwpJMY2sLnBjYLR+6d4GFPdnsOR3rYEql
p5oOMvIygV6dY5FI4HpwjrRkRqXlBJuygHBvjcuaU+Dipp7r0nw0ICJgpPleL37H
AsJ/9KjHrbPtK0S42r1XDMQc69MragQ1tMyrdxjOfBaN/ItGl4QSuEVAKRbSwTx/
6p8jxhV5aq7ZesY+vQRzPSj5CG48M+beUKbl8XfNQr0QEpXAtfEO74TlWTI6YNr5
rET/fjJtTWWJRTPO5JAmb51EHEW9SDi6sS0AB6dqTIc6UiTl2+IxSPIlnnVidMt6
WaNVCFq7gYSReHofn+tfhGf1cWtx7snrn0OWRnx9mvZS5JYOhYlVY9PyrwvgUkgH
7T3cHV0rv8HM3lV1Ii82iVOpAzveQy2iGUNPzKRPZDYQnQUqQCCqI2Ec8GgFK+Nk
Xqmyxb7pai5qVZf0t2L5LLLRgNr0YLr2EskcSLkCjgWXDX0k22E=
=oDiZ
-----END PGP SIGNATURE-----
Reply to: