openSUSE-SU-2017:1801-1

Опубликовано: 06 июл. 2017

Источник: suse-cvrf

Описание

Security update for libICE

This update for libICE fixes the following issues:

CVE-2017-2626: Creation of the ICE auth session cookies used insufficient randomness, making these cookies predictable. A more random generation method has been implemented. (boo#1025068)

Список пакетов

openSUSE Leap 42.2

libICE-1.0.9-5.3.1

libICE-devel-1.0.9-5.3.1

libICE-devel-32bit-1.0.9-5.3.1

libICE6-1.0.9-5.3.1

libICE6-32bit-1.0.9-5.3.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-07/msg00030.html
E-Mail link for openSUSE-SU-2017:1801-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.

Затронутые продукты

openSUSE Leap 42.2:libICE-1.0.9-5.3.1

openSUSE Leap 42.2:libICE-devel-1.0.9-5.3.1

openSUSE Leap 42.2:libICE-devel-32bit-1.0.9-5.3.1

openSUSE Leap 42.2:libICE6-1.0.9-5.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-2626.html
CVE-2017-2626
https://bugzilla.suse.com/1025068
SUSE Bug 1025068
https://bugzilla.suse.com/1025639
SUSE Bug 1025639
https://bugzilla.suse.com/1048274
SUSE Bug 1048274
https://bugzilla.suse.com/1123800
SUSE Bug 1123800

openSUSE-SU-2017:1801-1

Описание

Список пакетов

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2017-2626

Описание

Затронутые продукты

Ссылки