Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2018:0337-1

Опубликовано: 01 фев. 2018
Источник: suse-cvrf

Описание

Security update for libICE

This update for libICE fixes the following issues:

  • CVE-2017-2626: Creation of the ICE auth session cookies used insufficient randomness, making these cookies predictable. A more random generation method has been implemented. (boo#1025068)

Список пакетов

SUSE Linux Enterprise Desktop 12 SP3
libICE6-1.0.8-12.1
libICE6-32bit-1.0.8-12.1
SUSE Linux Enterprise Server 12 SP3
libICE6-1.0.8-12.1
libICE6-32bit-1.0.8-12.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libICE6-1.0.8-12.1
libICE6-32bit-1.0.8-12.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libICE-devel-1.0.8-12.1

Ссылки

Описание

It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:libICE6-1.0.8-12.1
SUSE Linux Enterprise Desktop 12 SP3:libICE6-32bit-1.0.8-12.1
SUSE Linux Enterprise Server 12 SP3:libICE6-1.0.8-12.1
SUSE Linux Enterprise Server 12 SP3:libICE6-32bit-1.0.8-12.1
Ссылки