Advisories » MGASA-2017-0330

Updated libxdmcp packages fix security vulnerability

Publication date: 07 Sep 2017
Modification date: 07 Sep 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-2625

Description

XDM uses weak entropy to generate the session keys on non BSD systems.
On multi user systems it might possible to check the PID of the process
and how long it is running to get an estimate of these values, which
could allow an attacker to attach to the session of a different user
(CVE-2017-2625).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20377
• https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2625

SRPMS

5/core

• libxdmcp-1.1.1-7.1.mga5