|Category:||Red Hat Local Security Checks|
|Title:||RedHat Update for X.org X11 libraries RHSA-2017:1865-01|
|Summary:||The remote host is missing an update for the 'X.org X11 libraries'; package(s) announced via the referenced advisory.|
The remote host is missing an update for the 'X.org X11 libraries'
package(s) announced via the referenced advisory.
The X11 (Xorg) libraries provide library
routines that are used within all X Window applications. The following packages
have been upgraded to a later upstream version: libX11 (1.6.5), libXaw (1.0.13),
libXdmcp (1.1.2), libXfixes (5.0.3), libXfont (1.5.2), libXi (1.7.9), libXpm
(3.5.12), libXrandr (1.5.1), libXrender (0.9.10), libXt (1.1.5), libXtst
(1.2.3), libXv (1.0.11), libXvMC (1.0.10), libXxf86vm (1.1.4), libdrm (2.4.74),
libepoxy (1.3.1), libevdev (1.5.6), libfontenc (1.1.3), libvdpau (1.1.1),
libwacom (0.24), libxcb (1.12), libxkbfile (1.0.9), mesa (17.0.1),
mesa-private-llvm (3.9.1), xcb-proto (1.12), xkeyboard-config (2.20),
xorg-x11-proto-devel (7.7). (BZ#1401667, BZ#1401668, BZ#1401669, BZ#1401670,
BZ#1401671, BZ#1401672, BZ#1401673, BZ#1401675, BZ#1401676, BZ#1401677,
BZ#1401678, BZ#1401679, BZ#1401680, BZ#1401681, BZ#1401682, BZ#1401683,
BZ#1401685, BZ#1401690, BZ#1401752, BZ#1401753, BZ#1401754, BZ#1402560,
BZ#1410477, BZ#1411390, BZ#1411392, BZ#1411393, BZ#1411452, BZ#1420224) Security
Fix(es): * An integer overflow flaw leading to a heap-based buffer overflow was
found in libXpm. An attacker could use this flaw to crash an application using
libXpm via a specially crafted XPM file. (CVE-2016-10164) * It was discovered
that libXdmcp used weak entropy to generate session keys. On a multi-user system
using xdmcp, a local attacker could potentially use information available from
the process list to brute force the key, allowing them to hijack other users'
sessions. (CVE-2017-2625) * It was discovered that libICE used a weak entropy to
generate keys. A local attacker could potentially use this flaw for session
hijacking using the information available from the process list. (CVE-2017-2626)
Red Hat would like to thank Eric Sesterhenn (X41 D-Sec GmbH) for reporting
CVE-2017-2625 and CVE-2017-2626. Additional Changes: For detailed information on
changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes
linked from the References section.
X.org X11 libraries on Red Hat Enterprise Linux Server (v. 7)
Please Install the Updated Packages.
Common Vulnerability Exposure (CVE) ID: CVE-2017-2625|
BugTraq ID: 96480
RedHat Security Advisories: RHSA-2017:1865
Common Vulnerability Exposure (CVE) ID: CVE-2017-2626
|Copyright||Copyright (C) 2017 Greenbone Networks GmbH|
|This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.