Описание
Security update for xorg-x11-libXdmcp
This update for xorg-x11-libXdmcp fixes the following issues:
- CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable (bsc#1025046)
Список пакетов
SUSE Linux Enterprise Server 11 SP4
xorg-x11-libXdmcp-7.4-3.1
xorg-x11-libXdmcp-32bit-7.4-3.1
xorg-x11-libXdmcp-x86-7.4-3.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
xorg-x11-libXdmcp-7.4-3.1
xorg-x11-libXdmcp-32bit-7.4-3.1
xorg-x11-libXdmcp-x86-7.4-3.1
SUSE Linux Enterprise Software Development Kit 11 SP4
xorg-x11-libXdmcp-32bit-7.4-3.1
xorg-x11-libXdmcp-devel-7.4-3.1
xorg-x11-libXdmcp-devel-32bit-7.4-3.1
Ссылки
- Link for SUSE-SU-2017:1868-1
- E-Mail link for SUSE-SU-2017:1868-1
- SUSE Security Ratings
- SUSE Bug 1025046
- SUSE CVE CVE-2017-2625 page
Описание
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:xorg-x11-libXdmcp-32bit-7.4-3.1
SUSE Linux Enterprise Server 11 SP4:xorg-x11-libXdmcp-7.4-3.1
SUSE Linux Enterprise Server 11 SP4:xorg-x11-libXdmcp-x86-7.4-3.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:xorg-x11-libXdmcp-32bit-7.4-3.1
Ссылки
- CVE-2017-2625
- SUSE Bug 1025046
- SUSE Bug 1025068
- SUSE Bug 1025639
- SUSE Bug 1123802
- SUSE Bug 815650