First published: Mon Feb 20 2017(Updated: )
It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Freedesktop Libice | <=1.0.9 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Server Aus | =7.4 | |
Redhat Enterprise Linux Server Eus | =7.4 | |
Redhat Enterprise Linux Server Eus | =7.5 | |
Redhat Enterprise Linux Workstation | =7.0 |
https://cgit.freedesktop.org/xorg/lib/libICE/commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.