Описание
Security update for libXdmcp
This update for libXdmcp fixes the following issues:
- CVE-2017-2625: The generation of session key in XDM using libXdmcp might have used weak entropy, making the session keys predictable (boo#1025046)
Список пакетов
openSUSE Leap 42.2
libXdmcp-1.1.2-3.3.1
libXdmcp-devel-1.1.2-3.3.1
libXdmcp-devel-32bit-1.1.2-3.3.1
libXdmcp6-1.1.2-3.3.1
libXdmcp6-32bit-1.1.2-3.3.1
Ссылки
- E-Mail link for openSUSE-SU-2017:1802-1
- SUSE Security Ratings
Описание
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.
Затронутые продукты
openSUSE Leap 42.2:libXdmcp-1.1.2-3.3.1
openSUSE Leap 42.2:libXdmcp-devel-1.1.2-3.3.1
openSUSE Leap 42.2:libXdmcp-devel-32bit-1.1.2-3.3.1
openSUSE Leap 42.2:libXdmcp6-1.1.2-3.3.1
Ссылки
- CVE-2017-2625
- SUSE Bug 1025046
- SUSE Bug 1025068
- SUSE Bug 1025639
- SUSE Bug 1123802
- SUSE Bug 815650