OVAL

CESA-2017:1865 -- centos 7 libICE

ID: oval:org.secpod.oval:def:204581
Date: (C)2018-04-30   (M)2023-10-25
Class: PATCH
Family: unix




The X11 libraries provide library routines that are used within all X Window applications.

The following packages have been upgraded to a later upstream version: libX11, libXaw, libXdmcp, libXfixes, libXfont, libXi, libXpm, libXrandr, libXrender, libXt, libXtst, libXv, libXvMC, libXxf86vm, libdrm, libepoxy, libevdev, libfontenc, libvdpau, libwacom, libxcb, libxkbfile, mesa, mesa-private-llvm, xcb-proto, xkeyboard-config, xorg-x11-proto-devel.

Security Fix:

* An integer overflow flaw leading to a heap-based buffer overflow was found in libXpm. An attacker could use this flaw to crash an application using libXpm via a specially crafted XPM file.

* It was discovered that libXdmcp used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.

* It was discovered that libICE used weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.

Red Hat would like to thank Eric Sesterhenn for reporting CVE-2017-2625 and CVE-2017-2626.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

Platform:
CentOS 7
Product:
libICE
Reference:
CESA-2017:1865
CVE-2016-10164
CVE-2017-2625
CVE-2017-2626
CVE    3
CVE-2016-10164
CVE-2017-2625
CVE-2017-2626
CPE    2
cpe:/a:x_org:libice
cpe:/o:centos:centos:7

© SecPod Technologies