Candidate: CVE-2018-13054
PublicDate: 2018-07-02 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13054
 https://github.com/linuxmint/Cinnamon/pull/7683
 https://github.com/linuxmint/Cinnamon/commit/66e54f43f179fdf041a3e5232178a9910963cfb5
 https://bugzilla.suse.com/show_bug.cgi?id=1083067
Description:
 An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The
 cinnamon-settings-users.py GUI runs as root and allows configuration of
 (for example) other users' icon files in
 _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These
 icon files are written to the respective user's $HOME/.face location. If
 an unprivileged user prepares a symlink pointing to an arbitrary location,
 then this location will be overwritten with the icon content.
Ubuntu-Description:
 Matthias Gerstner discovered that the cinnamon-settings-users utility in
 Cinnamon did not safely handle symlinks. An unprivileged user could
 potentially use this vulnerability to overwrite arbitrary files as root.
Notes:
Bugs:
Priority: high
Discovered-by: Matthias Gerstner
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H [8.1 HIGH]

Patches_cinnamon:
upstream_cinnamon: released (3.8.8-1)
precise/esm_cinnamon: DNE
trusty_cinnamon: DNE
trusty/esm_cinnamon: DNE
xenial_cinnamon: ignored (end of standard support, was needed)
artful_cinnamon: ignored (reached end-of-life)
bionic_cinnamon: needed
cosmic_cinnamon: ignored (reached end-of-life)
disco_cinnamon: not-affected (3.8.8-1)
eoan_cinnamon: not-affected (3.8.8-1)
focal_cinnamon: not-affected (3.8.8-1)
groovy_cinnamon: not-affected (3.8.8-1)
hirsute_cinnamon: not-affected (3.8.8-1)
impish_cinnamon: not-affected (3.8.8-1)
jammy_cinnamon: not-affected (3.8.8-1)
devel_cinnamon: not-affected (3.8.8-1)