[3.5] xorg-server: timing attack against MIT Cookie (CVE-2017-2624)
mitauth.c uses memcmp() to check the validity of MIT cookies, exposing
a
possible timing attack on some platforms.
Affected Versions:
1.19.0 and lower
References:
https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2017-2624
(from redmine: issue id 6982, created on 2017-03-07, closed on 2019-05-04)
- Relations:
- parent #6980