Описание
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
It was discovered that libICE used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
Отчет
Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | libICE | Will not fix | ||
| Red Hat Enterprise Linux 6 | libICE | Will not fix | ||
| Red Hat Enterprise Linux 7 | libdrm | Fixed | RHSA-2017:1865 | 01.08.2017 |
| Red Hat Enterprise Linux 7 | libepoxy | Fixed | RHSA-2017:1865 | 01.08.2017 |
| Red Hat Enterprise Linux 7 | libevdev | Fixed | RHSA-2017:1865 | 01.08.2017 |
| Red Hat Enterprise Linux 7 | libfontenc | Fixed | RHSA-2017:1865 | 01.08.2017 |
| Red Hat Enterprise Linux 7 | libICE | Fixed | RHSA-2017:1865 | 01.08.2017 |
| Red Hat Enterprise Linux 7 | libinput | Fixed | RHSA-2017:1865 | 01.08.2017 |
| Red Hat Enterprise Linux 7 | libvdpau | Fixed | RHSA-2017:1865 | 01.08.2017 |
| Red Hat Enterprise Linux 7 | libwacom | Fixed | RHSA-2017:1865 | 01.08.2017 |
Показывать по
Дополнительная информация
Статус:
5.2 Medium
CVSS3
Связанные уязвимости
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
It was discovered that libICE before 1.0.9-8 used a weak entropy to ge ...
5.2 Medium
CVSS3