Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2017:1835-1

Опубликовано: 11 июл. 2017
Источник: suse-cvrf

Описание

Security update for libICE

This update for libICE fixes the following issues:

  • CVE-2017-2626: Creation of the ICE auth session cookies used insufficient randomness, making these cookies predictable. A more random generation method has been implemented. (boo#1025068)

Список пакетов

SUSE Linux Enterprise Desktop 12 SP2
libICE6-1.0.8-10.1
libICE6-32bit-1.0.8-10.1
SUSE Linux Enterprise Server 12 SP2
libICE6-1.0.8-10.1
libICE6-32bit-1.0.8-10.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libICE6-1.0.8-10.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libICE6-1.0.8-10.1
libICE6-32bit-1.0.8-10.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libICE-devel-1.0.8-10.1

Ссылки

Описание

It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libICE6-1.0.8-10.1
SUSE Linux Enterprise Desktop 12 SP2:libICE6-32bit-1.0.8-10.1
SUSE Linux Enterprise Server 12 SP2:libICE6-1.0.8-10.1
SUSE Linux Enterprise Server 12 SP2:libICE6-32bit-1.0.8-10.1
Ссылки