[3.5] libice: weak entropy usage in session keys (CVE-2017-2626)
It was discovered that libICE depends on a weak entropy mechanism for
generating keys. A local attacker could
potentially forge session keys allowing them to send unauthorized
messages to the desktop session manager.
Affected Versions:
1.0.9 and lower
References:
https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2626
(from redmine: issue id 6976, created on 2017-03-07, closed on 2019-05-04)
- Relations:
- parent #6974 (closed)