
Test ID: 1.3.6.1.4.1.25623.1.0.871852
Category: Red Hat Local Security Checks
Title: RedHat Update for X.org X11 libraries RHSA-2017:1865-01
Summary: The remote host is missing an update for the 'X.org X11 libraries' package(s) announced via the referenced advisory.
Description:
Summary:
The remote host is missing an update for the 'X.org X11 libraries'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The X11 (Xorg) libraries provide library routines that are used within all X Window applications.

The following packages have been upgraded to a later upstream version: libX11 (1.6.5), libXaw (1.0.13), libXdmcp (1.1.2), libXfixes (5.0.3), libXfont (1.5.2), libXi (1.7.9), libXpm (3.5.12), libXrandr (1.5.1), libXrender (0.9.10), libXt (1.1.5), libXtst (1.2.3), libXv (1.0.11), libXvMC (1.0.10), libXxf86vm (1.1.4), libdrm (2.4.74), libepoxy (1.3.1), libevdev (1.5.6), libfontenc (1.1.3), libvdpau (1.1.1), libwacom (0.24), libxcb (1.12), libxkbfile (1.0.9), mesa (17.0.1), mesa-private-llvm (3.9.1), xcb-proto (1.12), xkeyboard-config (2.20), xorg-x11-proto-devel (7.7). (BZ#1401667, BZ#1401668, BZ#1401669, BZ#1401670, BZ#1401671, BZ#1401672, BZ#1401673, BZ#1401675, BZ#1401676, BZ#1401677, BZ#1401678, BZ#1401679, BZ#1401680, BZ#1401681, BZ#1401682, BZ#1401683, BZ#1401685, BZ#1401690, BZ#1401752, BZ#1401753, BZ#1401754, BZ#1402560, BZ#1410477, BZ#1411390, BZ#1411392, BZ#1411393, BZ#1411452, BZ#1420224)

Security Fix(es):

* An integer overflow flaw leading to a heap-based buffer overflow was found in libXpm. An attacker could use this flaw to crash an application using libXpm via a specially crafted XPM file. (CVE-2016-10164)

* It was discovered that libXdmcp used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions. (CVE-2017-2625)

* It was discovered that libICE used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list. (CVE-2017-2626)

Red Hat would like to thank Eric Sesterhenn (X41 D-Sec GmbH) for reporting CVE-2017-2625 and CVE-2017-2626.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

Affected Software/OS:
X.org X11 libraries on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please install the updated packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2016-10164
BugTraq ID: 95785
http://www.securityfocus.com/bid/95785
Debian Security Information: DSA-3772
http://www.debian.org/security/2017/dsa-3772
https://security.gentoo.org/glsa/201701-72
http://www.openwall.com/lists/oss-security/2017/01/22/2
http://www.openwall.com/lists/oss-security/2017/01/25/7
https://lists.freedesktop.org/archives/xorg/2016-December/058537.html
RedHat Security Advisories: RHSA-2017:1865
https://access.redhat.com/errata/RHSA-2017:1865
Common Vulnerability Exposure (CVE) ID: CVE-2017-2625
1037919
http://www.securitytracker.com/id/1037919
96480
http://www.securityfocus.com/bid/96480
GLSA-201704-03
https://security.gentoo.org/glsa/201704-03
RHSA-2017:1865
[debian-lts-announce] 20191125 [SECURITY] [DLA 2006-1] libxdmcp security update
https://lists.debian.org/debian-lts-announce/2019/11/msg00024.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625
https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f
https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
Common Vulnerability Exposure (CVE) ID: CVE-2017-2626
[debian-lts-announce] 20191123 [SECURITY] [DLA 2002-1] libice security update
https://lists.debian.org/debian-lts-announce/2019/11/msg00022.html
[oss-security] 20190714 Fwd: [ANNOUNCE] libICE 1.0.10
http://www.openwall.com/lists/oss-security/2019/07/14/3
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2626
https://cgit.freedesktop.org/xorg/lib/libICE/commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b
Copyright: Copyright (C) 2017 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.