
RHSA-2017:1865-01 -- Redhat libICE, libX11, libXaw, libXcursor, libXdmcp, libXfixes, libXfont, libXfont2, libXi, libXpm, libXrandr, libXrender, libXt, libXtst, libXv, libXvMC, libXxf86vm, libdrm, libepoxy, libevdev, libfontenc, libinput, libvdpau, libwacom, libxcb, libxkbcommon, libxkbfile, mesa, mesa-private-llvm, xkeyboard-config, xorg-x11-proto-devel

ID: oval:org.secpod.oval:def:502098
Date: (C)2017-08-04   (M)2023-12-20
Class: PATCH
Family: unix




The X11 libraries provide library routines that are used within all X Window applications.

The following packages have been upgraded to a later upstream version: libX11, libXaw, libXdmcp, libXfixes, libXfont, libXi, libXpm, libXrandr, libXrender, libXt, libXtst, libXv, libXvMC, libXxf86vm, libdrm, libepoxy, libevdev, libfontenc, libvdpau, libwacom, libxcb, libxkbfile, mesa, mesa-private-llvm, xcb-proto, xkeyboard-config, xorg-x11-proto-devel.

Security Fix:

* An integer overflow flaw leading to a heap-based buffer overflow was found in libXpm. An attacker could use this flaw to crash an application using libXpm via a specially crafted XPM file.
* It was discovered that libXdmcp used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.
* It was discovered that libICE used weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.

Red Hat would like to thank Eric Sesterhenn for reporting CVE-2017-2625 and CVE-2017-2626.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

Platform:
Red Hat Enterprise Linux 7
Product:
libICE
libX11
libXaw
libXcursor
libXdmcp
libXfixes
libXfont
libXfont2
libXi
libXpm
libXrandr
libXrender
libXt
libXtst
libXv
libXvMC
libXxf86vm
libdrm
libepoxy
libevdev
libfontenc
libinput
libvdpau
libwacom
libxcb
libxkbcommon
libxkbfile
mesa
mesa-private-llvm
xkeyboard-config
xorg-x11-proto-devel
Reference:
RHSA-2017:1865-01
CVE-2016-10164
CVE-2017-2625
CVE-2017-2626
CPE (32):
cpe:/a:libxdmcp:libxdmcp
cpe:/a:x:libX11
cpe:/a:x:libfontenc
cpe:/a:x:libxfont
...

© SecPod Technologies