English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871852
Category:Red Hat Local Security Checks
Title:RedHat Update for X.org X11 libraries RHSA-2017:1865-01
Summary:The remote host is missing an update for the 'X.org X11 libraries'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'X.org X11 libraries'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The X11 (Xorg) libraries provide library
routines that are used within all X Window applications. The following packages
have been upgraded to a later upstream version: libX11 (1.6.5), libXaw (1.0.13),
libXdmcp (1.1.2), libXfixes (5.0.3), libXfont (1.5.2), libXi (1.7.9), libXpm
(3.5.12), libXrandr (1.5.1), libXrender (0.9.10), libXt (1.1.5), libXtst
(1.2.3), libXv (1.0.11), libXvMC (1.0.10), libXxf86vm (1.1.4), libdrm (2.4.74),
libepoxy (1.3.1), libevdev (1.5.6), libfontenc (1.1.3), libvdpau (1.1.1),
libwacom (0.24), libxcb (1.12), libxkbfile (1.0.9), mesa (17.0.1),
mesa-private-llvm (3.9.1), xcb-proto (1.12), xkeyboard-config (2.20),
xorg-x11-proto-devel (7.7). (BZ#1401667, BZ#1401668, BZ#1401669, BZ#1401670,
BZ#1401671, BZ#1401672, BZ#1401673, BZ#1401675, BZ#1401676, BZ#1401677,
BZ#1401678, BZ#1401679, BZ#1401680, BZ#1401681, BZ#1401682, BZ#1401683,
BZ#1401685, BZ#1401690, BZ#1401752, BZ#1401753, BZ#1401754, BZ#1402560,
BZ#1410477, BZ#1411390, BZ#1411392, BZ#1411393, BZ#1411452, BZ#1420224) Security
Fix(es): * An integer overflow flaw leading to a heap-based buffer overflow was
found in libXpm. An attacker could use this flaw to crash an application using
libXpm via a specially crafted XPM file. (CVE-2016-10164) * It was discovered
that libXdmcp used weak entropy to generate session keys. On a multi-user system
using xdmcp, a local attacker could potentially use information available from
the process list to brute force the key, allowing them to hijack other users'
sessions. (CVE-2017-2625) * It was discovered that libICE used a weak entropy to
generate keys. A local attacker could potentially use this flaw for session
hijacking using the information available from the process list. (CVE-2017-2626)
Red Hat would like to thank Eric Sesterhenn (X41 D-Sec GmbH) for reporting
CVE-2017-2625 and CVE-2017-2626. Additional Changes: For detailed information on
changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes
linked from the References section.

Affected Software/OS:
X.org X11 libraries on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-10164
BugTraq ID: 95785
http://www.securityfocus.com/bid/95785
Debian Security Information: DSA-3772 (Google Search)
http://www.debian.org/security/2017/dsa-3772
https://security.gentoo.org/glsa/201701-72
http://www.openwall.com/lists/oss-security/2017/01/22/2
http://www.openwall.com/lists/oss-security/2017/01/25/7
https://lists.freedesktop.org/archives/xorg/2016-December/058537.html
RedHat Security Advisories: RHSA-2017:1865
https://access.redhat.com/errata/RHSA-2017:1865
Common Vulnerability Exposure (CVE) ID: CVE-2017-2625
1037919
http://www.securitytracker.com/id/1037919
96480
http://www.securityfocus.com/bid/96480
GLSA-201704-03
https://security.gentoo.org/glsa/201704-03
RHSA-2017:1865
[debian-lts-announce] 20191125 [SECURITY] [DLA 2006-1] libxdmcp security update
https://lists.debian.org/debian-lts-announce/2019/11/msg00024.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625
https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f
https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
Common Vulnerability Exposure (CVE) ID: CVE-2017-2626
[debian-lts-announce] 20191123 [SECURITY] [DLA 2002-1] libice security update
https://lists.debian.org/debian-lts-announce/2019/11/msg00022.html
[oss-security] 20190714 Fwd: [ANNOUNCE] libICE 1.0.10
http://www.openwall.com/lists/oss-security/2019/07/14/3
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2626
https://cgit.freedesktop.org/xorg/lib/libICE/commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b
CopyrightCopyright (C) 2017 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.