xdg-user-dirs-0.15-5.el7

エラータID: AXSA:2018-2892:01

Release date: 
Tuesday, April 17, 2018 - 22:02
Subject: 
xdg-user-dirs-0.15-5.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Low
Description: 

xdg-user-dirs is a tool to create and configure default desktop user directories such as the Music and the Desktop directories.

Security Fix(es):

* xdg-user-dirs, gnome-session: Xsession creation of XDG user directories does not honor system umask policy (CVE-2017-15131)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Asianux Server 7.5 Release Notes linked from the References section.

CVE-2017-15131
It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.

Solution: 

Update packages.

CVEs: 
CVE-2017-15131
It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.
Additional Info: 

N/A

Download: 

SRPMS
  1. xdg-user-dirs-0.15-5.el7.src.rpm
    MD5: fabeeaa0c2eca76e9bc16da699550198
    SHA-256: 11517033fe59588a8322504e0568ee1bdf42eb1fab98f833f1fa09726b99a5c0
    Size: 245.12 kB

Asianux Server 7 for x86_64
  1. xdg-user-dirs-0.15-5.el7.x86_64.rpm
    MD5: bac8b33dc6dadcc28f1b9a5eb4bc34f9
    SHA-256: 40f72c210c00e10c7f24df30c836ac7a154e83d1a6e9f65f318a527ce37d4a66
    Size: 57.73 kB