|
|
Subscribe / Log in / New account

Mageia alert MGASA-2017-0330 (libxdmcp)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2017-0330: Updated libxdmcp packages fix security vulnerability 


Date:
    	      Thu, 7 Sep 2017 11:07:55 +0200


Message-ID:
    	      <20170907090755.276659F872@duvel.mageia.org>


MGASA-2017-0330 - Updated libxdmcp packages fix security vulnerability

Publication date: 07 Sep 2017
URL: http://advisories.mageia.org/MGASA-2017-0330.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-2625

Description:
XDM uses weak entropy to generate the session keys on non BSD systems.
On multi user systems it might possible to check the PID of the process
and how long it is running to get an estimate of these values, which
could allow an attacker to attach to the session of a different user
(CVE-2017-2625).

References:
- https://bugs.mageia.org/show_bug.cgi?id=20377
- https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2625

SRPMS:
- 5/core/libxdmcp-1.1.1-7.1.mga5
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds