Oracle Linux: CVE-2017-2626: ELSA-2017-1865: X.org X11 libraries security, bug fix and enhancement update (MODERATE) (Multiple Advisories)
3
(AV:L/AC:L/Au:S/C:P/I:N/A:P)
02/28/2017
07/25/2018
08/08/2017
07/22/2024
Description
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list. It was discovered that libICE used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
Solution(s)
- oracle-linux-upgrade-drm-utils
- oracle-linux-upgrade-libdrm
- oracle-linux-upgrade-libdrm-devel
- oracle-linux-upgrade-libepoxy
- oracle-linux-upgrade-libepoxy-devel
- oracle-linux-upgrade-libevdev
- oracle-linux-upgrade-libevdev-devel
- oracle-linux-upgrade-libevdev-utils
- oracle-linux-upgrade-libfontenc
- oracle-linux-upgrade-libfontenc-devel
- oracle-linux-upgrade-libice
- oracle-linux-upgrade-libice-devel
- oracle-linux-upgrade-libinput
- oracle-linux-upgrade-libinput-devel
- oracle-linux-upgrade-libvdpau
- oracle-linux-upgrade-libvdpau-devel
- oracle-linux-upgrade-libvdpau-docs
- oracle-linux-upgrade-libwacom
- oracle-linux-upgrade-libwacom-data
- oracle-linux-upgrade-libwacom-devel
- oracle-linux-upgrade-libx11
- oracle-linux-upgrade-libx11-common
- oracle-linux-upgrade-libx11-devel
- oracle-linux-upgrade-libxaw
- oracle-linux-upgrade-libxaw-devel
- oracle-linux-upgrade-libxcb
- oracle-linux-upgrade-libxcb-devel
- oracle-linux-upgrade-libxcb-doc
- oracle-linux-upgrade-libxcursor
- oracle-linux-upgrade-libxcursor-devel
- oracle-linux-upgrade-libxdmcp
- oracle-linux-upgrade-libxdmcp-devel
- oracle-linux-upgrade-libxfixes
- oracle-linux-upgrade-libxfixes-devel
- oracle-linux-upgrade-libxfont
- oracle-linux-upgrade-libxfont2
- oracle-linux-upgrade-libxfont2-devel
- oracle-linux-upgrade-libxfont-devel
- oracle-linux-upgrade-libxi
- oracle-linux-upgrade-libxi-devel
- oracle-linux-upgrade-libxkbcommon
- oracle-linux-upgrade-libxkbcommon-devel
- oracle-linux-upgrade-libxkbcommon-x11
- oracle-linux-upgrade-libxkbcommon-x11-devel
- oracle-linux-upgrade-libxkbfile
- oracle-linux-upgrade-libxkbfile-devel
- oracle-linux-upgrade-libxpm
- oracle-linux-upgrade-libxpm-devel
- oracle-linux-upgrade-libxrandr
- oracle-linux-upgrade-libxrandr-devel
- oracle-linux-upgrade-libxrender
- oracle-linux-upgrade-libxrender-devel
- oracle-linux-upgrade-libxt
- oracle-linux-upgrade-libxt-devel
- oracle-linux-upgrade-libxtst
- oracle-linux-upgrade-libxtst-devel
- oracle-linux-upgrade-libxv
- oracle-linux-upgrade-libxv-devel
- oracle-linux-upgrade-libxvmc
- oracle-linux-upgrade-libxvmc-devel
- oracle-linux-upgrade-libxxf86vm
- oracle-linux-upgrade-libxxf86vm-devel
- oracle-linux-upgrade-mesa-dri-drivers
- oracle-linux-upgrade-mesa-filesystem
- oracle-linux-upgrade-mesa-libegl
- oracle-linux-upgrade-mesa-libegl-devel
- oracle-linux-upgrade-mesa-libgbm
- oracle-linux-upgrade-mesa-libgbm-devel
- oracle-linux-upgrade-mesa-libgl
- oracle-linux-upgrade-mesa-libglapi
- oracle-linux-upgrade-mesa-libgl-devel
- oracle-linux-upgrade-mesa-libgles
- oracle-linux-upgrade-mesa-libgles-devel
- oracle-linux-upgrade-mesa-libosmesa
- oracle-linux-upgrade-mesa-libosmesa-devel
- oracle-linux-upgrade-mesa-libxatracker
- oracle-linux-upgrade-mesa-libxatracker-devel
- oracle-linux-upgrade-mesa-private-llvm
- oracle-linux-upgrade-mesa-private-llvm-devel
- oracle-linux-upgrade-mesa-vulkan-drivers
- oracle-linux-upgrade-vulkan
- oracle-linux-upgrade-vulkan-devel
- oracle-linux-upgrade-vulkan-filesystem
- oracle-linux-upgrade-xcb-proto
- oracle-linux-upgrade-xkeyboard-config
- oracle-linux-upgrade-xkeyboard-config-devel
- oracle-linux-upgrade-xorg-x11-proto-devel
Advanced vulnerability management analytics and reporting.
Key Features
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center