Описание
Security update for xorg-x11-libICE
This update for xorg-x11-libICE fixes the following issues:
- CVE-2017-2626: Creation of the ICE auth session cookies used insufficient randomness, making these cookies predictable. A more random generation method has been implemented. (boo#1025068)
Список пакетов
SUSE Linux Enterprise Server 11 SP4
xorg-x11-libICE-7.4-3.1
xorg-x11-libICE-32bit-7.4-3.1
xorg-x11-libICE-x86-7.4-3.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
xorg-x11-libICE-7.4-3.1
xorg-x11-libICE-32bit-7.4-3.1
xorg-x11-libICE-x86-7.4-3.1
SUSE Linux Enterprise Software Development Kit 11 SP4
xorg-x11-libICE-devel-7.4-3.1
xorg-x11-libICE-devel-32bit-7.4-3.1
Ссылки
- Link for SUSE-SU-2017:1848-1
- E-Mail link for SUSE-SU-2017:1848-1
- SUSE Security Ratings
- SUSE Bug 1025068
- SUSE CVE CVE-2017-2626 page
Описание
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:xorg-x11-libICE-32bit-7.4-3.1
SUSE Linux Enterprise Server 11 SP4:xorg-x11-libICE-7.4-3.1
SUSE Linux Enterprise Server 11 SP4:xorg-x11-libICE-x86-7.4-3.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:xorg-x11-libICE-32bit-7.4-3.1
Ссылки
- CVE-2017-2626
- SUSE Bug 1025068
- SUSE Bug 1025639
- SUSE Bug 1048274
- SUSE Bug 1123800