vulnerability
CentOS Linux: CVE-2017-2625: Moderate: X.org X11 libraries security, bug fix and enhancement update (CESA-2017:1865)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:P/I:N/A:N) | Jul 27, 2018 | Aug 28, 2019 | May 25, 2023 |
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
Published
Jul 27, 2018
Added
Aug 28, 2019
Modified
May 25, 2023
Description
It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.
Solution(s)
centos-upgrade-drm-utilscentos-upgrade-libdrmcentos-upgrade-libdrm-debuginfocentos-upgrade-libdrm-develcentos-upgrade-libepoxycentos-upgrade-libepoxy-debuginfocentos-upgrade-libepoxy-develcentos-upgrade-libevdevcentos-upgrade-libevdev-debuginfocentos-upgrade-libevdev-develcentos-upgrade-libevdev-utilscentos-upgrade-libfontenccentos-upgrade-libfontenc-debuginfocentos-upgrade-libfontenc-develcentos-upgrade-libicecentos-upgrade-libice-debuginfocentos-upgrade-libice-develcentos-upgrade-libinputcentos-upgrade-libinput-debuginfocentos-upgrade-libinput-develcentos-upgrade-libvdpaucentos-upgrade-libvdpau-debuginfocentos-upgrade-libvdpau-develcentos-upgrade-libvdpau-docscentos-upgrade-libwacomcentos-upgrade-libwacom-datacentos-upgrade-libwacom-debuginfocentos-upgrade-libwacom-develcentos-upgrade-libx11centos-upgrade-libx11-commoncentos-upgrade-libx11-debuginfocentos-upgrade-libx11-develcentos-upgrade-libxawcentos-upgrade-libxaw-debuginfocentos-upgrade-libxaw-develcentos-upgrade-libxcbcentos-upgrade-libxcb-debuginfocentos-upgrade-libxcb-develcentos-upgrade-libxcb-doccentos-upgrade-libxcursorcentos-upgrade-libxcursor-debuginfocentos-upgrade-libxcursor-develcentos-upgrade-libxdmcpcentos-upgrade-libxdmcp-debuginfocentos-upgrade-libxdmcp-develcentos-upgrade-libxfixescentos-upgrade-libxfixes-debuginfocentos-upgrade-libxfixes-develcentos-upgrade-libxfontcentos-upgrade-libxfont-debuginfocentos-upgrade-libxfont-develcentos-upgrade-libxfont2centos-upgrade-libxfont2-debuginfocentos-upgrade-libxfont2-develcentos-upgrade-libxicentos-upgrade-libxi-debuginfocentos-upgrade-libxi-develcentos-upgrade-libxkbcommoncentos-upgrade-libxkbcommon-debuginfocentos-upgrade-libxkbcommon-develcentos-upgrade-libxkbcommon-x11centos-upgrade-libxkbcommon-x11-develcentos-upgrade-libxkbfilecentos-upgrade-libxkbfile-debuginfocentos-upgrade-libxkbfile-develcentos-upgrade-libxpmcentos-upgrade-libxpm-debuginfocentos-upgrade-libxpm-develcentos-upgrade-libxrandrcentos-upgrade-libxrandr-debuginfocentos-upgrade-libxrandr-develcentos-upgrade-libxrendercentos-upgrade-libxrender-debuginfocentos-upgrade-libxrender-develcentos-upgrade-libxtcentos-upgrade-libxt-debuginfocentos-upgrade-libxt-develcentos-upgrade-libxtstcentos-upgrade-libxtst-debuginfocentos-upgrade-libxtst-develcentos-upgrade-libxvcentos-upgrade-libxv-debuginfocentos-upgrade-libxv-develcentos-upgrade-libxvmccentos-upgrade-libxvmc-debuginfocentos-upgrade-libxvmc-develcentos-upgrade-libxxf86vmcentos-upgrade-libxxf86vm-debuginfocentos-upgrade-libxxf86vm-develcentos-upgrade-mesa-debuginfocentos-upgrade-mesa-dri-driverscentos-upgrade-mesa-filesystemcentos-upgrade-mesa-libeglcentos-upgrade-mesa-libegl-develcentos-upgrade-mesa-libgbmcentos-upgrade-mesa-libgbm-develcentos-upgrade-mesa-libglcentos-upgrade-mesa-libgl-develcentos-upgrade-mesa-libglapicentos-upgrade-mesa-libglescentos-upgrade-mesa-libgles-develcentos-upgrade-mesa-libosmesacentos-upgrade-mesa-libosmesa-develcentos-upgrade-mesa-libxatrackercentos-upgrade-mesa-libxatracker-develcentos-upgrade-mesa-private-llvmcentos-upgrade-mesa-private-llvm-debuginfocentos-upgrade-mesa-private-llvm-develcentos-upgrade-mesa-vulkan-driverscentos-upgrade-vulkancentos-upgrade-vulkan-debuginfocentos-upgrade-vulkan-develcentos-upgrade-vulkan-filesystemcentos-upgrade-xcb-protocentos-upgrade-xkeyboard-configcentos-upgrade-xkeyboard-config-develcentos-upgrade-xorg-x11-proto-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.