Описание
Security update for libXdmcp
This update for libXdmcp fixes the following issues:
- CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable (bsc#1025046)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
libXdmcp6-1.1.1-10.1
libXdmcp6-32bit-1.1.1-10.1
SUSE Linux Enterprise Server 12 SP2
libXdmcp6-1.1.1-10.1
libXdmcp6-32bit-1.1.1-10.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libXdmcp6-1.1.1-10.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libXdmcp6-1.1.1-10.1
libXdmcp6-32bit-1.1.1-10.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libXdmcp-devel-1.1.1-10.1
Ссылки
- Link for SUSE-SU-2017:1862-1
- E-Mail link for SUSE-SU-2017:1862-1
- SUSE Security Ratings
- SUSE Bug 1025046
- SUSE CVE CVE-2017-2625 page
Описание
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libXdmcp6-1.1.1-10.1
SUSE Linux Enterprise Desktop 12 SP2:libXdmcp6-32bit-1.1.1-10.1
SUSE Linux Enterprise Server 12 SP2:libXdmcp6-1.1.1-10.1
SUSE Linux Enterprise Server 12 SP2:libXdmcp6-32bit-1.1.1-10.1
Ссылки
- CVE-2017-2625
- SUSE Bug 1025046
- SUSE Bug 1025068
- SUSE Bug 1025639
- SUSE Bug 1123802
- SUSE Bug 815650