MGASA-2017-0330

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2017-0330.html

Import Source

https://advisories.mageia.org/MGASA-2017-0330.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2017-0330

Related

CVE-2017-2625

Published

2017-09-07T09:07:16Z

Modified

2017-09-07T08:46:56Z

Summary

Updated libxdmcp packages fix security vulnerability

Details

XDM uses weak entropy to generate the session keys on non BSD systems. On multi user systems it might possible to check the PID of the process and how long it is running to get an estimate of these values, which could allow an attacker to attach to the session of a different user (CVE-2017-2625).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / libxdmcp

Package

Name: libxdmcp
Purl: pkg:rpm/mageia/libxdmcp?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.1-7.1.mga5

Ecosystem specific

{
    "section": "core"
}