Updated libxdmcp packages fix security vulnerability
Publication date: 07 Sep 2017Modification date: 07 Sep 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-2625
Description
XDM uses weak entropy to generate the session keys on non BSD systems. On multi user systems it might possible to check the PID of the process and how long it is running to get an estimate of these values, which could allow an attacker to attach to the session of a different user (CVE-2017-2625).
References
SRPMS
5/core
- libxdmcp-1.1.1-7.1.mga5