Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.871852
Category:Red Hat Local Security Checks
Title:RedHat Update for X.org X11 libraries RHSA-2017:1865-01
Summary:The remote host is missing an update for the 'X.org X11 libraries'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'X.org X11 libraries'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The X11 (Xorg) libraries provide library
routines that are used within all X Window applications. The following packages
have been upgraded to a later upstream version: libX11 (1.6.5), libXaw (1.0.13),
libXdmcp (1.1.2), libXfixes (5.0.3), libXfont (1.5.2), libXi (1.7.9), libXpm
(3.5.12), libXrandr (1.5.1), libXrender (0.9.10), libXt (1.1.5), libXtst
(1.2.3), libXv (1.0.11), libXvMC (1.0.10), libXxf86vm (1.1.4), libdrm (2.4.74),
libepoxy (1.3.1), libevdev (1.5.6), libfontenc (1.1.3), libvdpau (1.1.1),
libwacom (0.24), libxcb (1.12), libxkbfile (1.0.9), mesa (17.0.1),
mesa-private-llvm (3.9.1), xcb-proto (1.12), xkeyboard-config (2.20),
xorg-x11-proto-devel (7.7). (BZ#1401667, BZ#1401668, BZ#1401669, BZ#1401670,
BZ#1401671, BZ#1401672, BZ#1401673, BZ#1401675, BZ#1401676, BZ#1401677,
BZ#1401678, BZ#1401679, BZ#1401680, BZ#1401681, BZ#1401682, BZ#1401683,
BZ#1401685, BZ#1401690, BZ#1401752, BZ#1401753, BZ#1401754, BZ#1402560,
BZ#1410477, BZ#1411390, BZ#1411392, BZ#1411393, BZ#1411452, BZ#1420224) Security
Fix(es): * An integer overflow flaw leading to a heap-based buffer overflow was
found in libXpm. An attacker could use this flaw to crash an application using
libXpm via a specially crafted XPM file. (CVE-2016-10164) * It was discovered
that libXdmcp used weak entropy to generate session keys. On a multi-user system
using xdmcp, a local attacker could potentially use information available from
the process list to brute force the key, allowing them to hijack other users'
sessions. (CVE-2017-2625) * It was discovered that libICE used a weak entropy to
generate keys. A local attacker could potentially use this flaw for session
hijacking using the information available from the process list. (CVE-2017-2626)
Red Hat would like to thank Eric Sesterhenn (X41 D-Sec GmbH) for reporting
CVE-2017-2625 and CVE-2017-2626. Additional Changes: For detailed information on
changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes
linked from the References section.

Affected Software/OS:
X.org X11 libraries on Red Hat Enterprise Linux Server (v. 7)

Solution:
Please Install the Updated Packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2017-2625
BugTraq ID: 96480
http://www.securityfocus.com/bid/96480
https://security.gentoo.org/glsa/201704-03
https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
https://lists.debian.org/debian-lts-announce/2019/11/msg00024.html
RedHat Security Advisories: RHSA-2017:1865
https://access.redhat.com/errata/RHSA-2017:1865
http://www.securitytracker.com/id/1037919
Common Vulnerability Exposure (CVE) ID: CVE-2017-2626
https://lists.debian.org/debian-lts-announce/2019/11/msg00022.html
http://www.openwall.com/lists/oss-security/2019/07/14/3
CopyrightCopyright (C) 2017 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.