Debian 10261 Published by

A menu-cache security update has been released for Debian GNU/Linux 8 Extended LTS to address an issue where this package insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service.



ELA-714-1 menu-cache security update

Package menu-cache
Version 1.0.0-1+deb8u1 (jessie)
Related CVEs CVE-2017-8933

It was discovered that menu-cache, the LXDE implementation of freedesktop’s menu cache, insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (menu unavailability).

For Debian 8 jessie, these problems have been fixed in version 1.0.0-1+deb8u1.

We recommend that you upgrade your menu-cache packages.

Further information about Extended LTS security advisories can be found at: debian Extended Long term support

  ELA-714-1 menu-cache security update