ID CVE-2017-2626
Summary It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
References
Vulnerable Configurations
  • cpe:2.3:a:freedesktop:libice:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:libice:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:libice:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:libice:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:libice:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:libice:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:libice:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:libice:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:libice:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:libice:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:libice:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:libice:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:libice:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:libice:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:libice:1.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:libice:1.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:libice:1.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:libice:1.0.9:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 14-07-2019 - 21:15)
Impact:
Exploitability:
CWE CWE-331
CAPEC
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
redhat via4
advisories
bugzilla
id 1445423
title blue shadows on ppc64 and s390x
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhba:tst:20150364001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhba:tst:20150364002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhba:tst:20150364003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20150364004
  • OR
    • AND
      • comment xorg-x11-proto-devel is earlier than 0:7.7-20.el7
        oval oval:com.redhat.rhsa:tst:20171865005
      • comment xorg-x11-proto-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436072
    • AND
      • comment libXfont2 is earlier than 0:2.0.1-2.el7
        oval oval:com.redhat.rhsa:tst:20171865007
      • comment libXfont2 is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865008
    • AND
      • comment libXfont2-devel is earlier than 0:2.0.1-2.el7
        oval oval:com.redhat.rhsa:tst:20171865009
      • comment libXfont2-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865010
    • AND
      • comment libxkbcommon is earlier than 0:0.7.1-1.el7
        oval oval:com.redhat.rhsa:tst:20171865011
      • comment libxkbcommon is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865012
    • AND
      • comment libxkbcommon-devel is earlier than 0:0.7.1-1.el7
        oval oval:com.redhat.rhsa:tst:20171865013
      • comment libxkbcommon-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865014
    • AND
      • comment libxkbcommon-x11 is earlier than 0:0.7.1-1.el7
        oval oval:com.redhat.rhsa:tst:20171865017
      • comment libxkbcommon-x11 is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865018
    • AND
      • comment libxkbcommon-x11-devel is earlier than 0:0.7.1-1.el7
        oval oval:com.redhat.rhsa:tst:20171865015
      • comment libxkbcommon-x11-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865016
    • AND
      • comment drm-utils is earlier than 0:2.4.74-1.el7
        oval oval:com.redhat.rhsa:tst:20171865021
      • comment drm-utils is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865022
    • AND
      • comment libdrm is earlier than 0:2.4.74-1.el7
        oval oval:com.redhat.rhsa:tst:20171865023
      • comment libdrm is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20141376120
    • AND
      • comment libdrm-devel is earlier than 0:2.4.74-1.el7
        oval oval:com.redhat.rhsa:tst:20171865019
      • comment libdrm-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20141376122
    • AND
      • comment libepoxy is earlier than 0:1.3.1-1.el7
        oval oval:com.redhat.rhsa:tst:20171865025
      • comment libepoxy is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865026
    • AND
      • comment libepoxy-devel is earlier than 0:1.3.1-1.el7
        oval oval:com.redhat.rhsa:tst:20171865027
      • comment libepoxy-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865028
    • AND
      • comment libevdev is earlier than 0:1.5.6-1.el7
        oval oval:com.redhat.rhsa:tst:20171865031
      • comment libevdev is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865032
    • AND
      • comment libevdev-devel is earlier than 0:1.5.6-1.el7
        oval oval:com.redhat.rhsa:tst:20171865029
      • comment libevdev-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865030
    • AND
      • comment libevdev-utils is earlier than 0:1.5.6-1.el7
        oval oval:com.redhat.rhsa:tst:20171865033
      • comment libevdev-utils is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865034
    • AND
      • comment xcb-proto is earlier than 0:1.12-2.el7
        oval oval:com.redhat.rhsa:tst:20171865035
      • comment xcb-proto is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436076
    • AND
      • comment libxcb is earlier than 0:1.12-1.el7
        oval oval:com.redhat.rhsa:tst:20171865039
      • comment libxcb is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436082
    • AND
      • comment libxcb-devel is earlier than 0:1.12-1.el7
        oval oval:com.redhat.rhsa:tst:20171865037
      • comment libxcb-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436088
    • AND
      • comment libxcb-doc is earlier than 0:1.12-1.el7
        oval oval:com.redhat.rhsa:tst:20171865041
      • comment libxcb-doc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436084
    • AND
      • comment libXrandr is earlier than 0:1.5.1-2.el7
        oval oval:com.redhat.rhsa:tst:20171865043
      • comment libXrandr is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436026
    • AND
      • comment libXrandr-devel is earlier than 0:1.5.1-2.el7
        oval oval:com.redhat.rhsa:tst:20171865045
      • comment libXrandr-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436028
    • AND
      • comment libXfixes is earlier than 0:5.0.3-1.el7
        oval oval:com.redhat.rhsa:tst:20171865047
      • comment libXfixes is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436014
    • AND
      • comment libXfixes-devel is earlier than 0:5.0.3-1.el7
        oval oval:com.redhat.rhsa:tst:20171865049
      • comment libXfixes-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436016
    • AND
      • comment libXi is earlier than 0:1.7.9-1.el7
        oval oval:com.redhat.rhsa:tst:20171865051
      • comment libXi is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436090
    • AND
      • comment libXi-devel is earlier than 0:1.7.9-1.el7
        oval oval:com.redhat.rhsa:tst:20171865053
      • comment libXi-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436092
    • AND
      • comment libXtst is earlier than 0:1.2.3-1.el7
        oval oval:com.redhat.rhsa:tst:20171865057
      • comment libXtst is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436042
    • AND
      • comment libXtst-devel is earlier than 0:1.2.3-1.el7
        oval oval:com.redhat.rhsa:tst:20171865055
      • comment libXtst-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436044
    • AND
      • comment libXrender is earlier than 0:0.9.10-1.el7
        oval oval:com.redhat.rhsa:tst:20171865059
      • comment libXrender is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436030
    • AND
      • comment libXrender-devel is earlier than 0:0.9.10-1.el7
        oval oval:com.redhat.rhsa:tst:20171865061
      • comment libXrender-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436032
    • AND
      • comment libXt is earlier than 0:1.1.5-3.el7
        oval oval:com.redhat.rhsa:tst:20171865063
      • comment libXt is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436038
    • AND
      • comment libXt-devel is earlier than 0:1.1.5-3.el7
        oval oval:com.redhat.rhsa:tst:20171865065
      • comment libXt-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436040
    • AND
      • comment libXpm is earlier than 0:3.5.12-1.el7
        oval oval:com.redhat.rhsa:tst:20171865067
      • comment libXpm is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865068
    • AND
      • comment libXpm-devel is earlier than 0:3.5.12-1.el7
        oval oval:com.redhat.rhsa:tst:20171865069
      • comment libXpm-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865070
    • AND
      • comment libXaw is earlier than 0:1.0.13-4.el7
        oval oval:com.redhat.rhsa:tst:20171865071
      • comment libXaw is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865072
    • AND
      • comment libXaw-devel is earlier than 0:1.0.13-4.el7
        oval oval:com.redhat.rhsa:tst:20171865073
      • comment libXaw-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865074
    • AND
      • comment libXv is earlier than 0:1.0.11-1.el7
        oval oval:com.redhat.rhsa:tst:20171865075
      • comment libXv is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436046
    • AND
      • comment libXv-devel is earlier than 0:1.0.11-1.el7
        oval oval:com.redhat.rhsa:tst:20171865077
      • comment libXv-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436048
    • AND
      • comment libXvMC is earlier than 0:1.0.10-1.el7
        oval oval:com.redhat.rhsa:tst:20171865081
      • comment libXvMC is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436054
    • AND
      • comment libXvMC-devel is earlier than 0:1.0.10-1.el7
        oval oval:com.redhat.rhsa:tst:20171865079
      • comment libXvMC-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436056
    • AND
      • comment libXxf86vm is earlier than 0:1.1.4-1.el7
        oval oval:com.redhat.rhsa:tst:20171865083
      • comment libXxf86vm is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436062
    • AND
      • comment libXxf86vm-devel is earlier than 0:1.1.4-1.el7
        oval oval:com.redhat.rhsa:tst:20171865085
      • comment libXxf86vm-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436064
    • AND
      • comment libxkbfile is earlier than 0:1.0.9-3.el7
        oval oval:com.redhat.rhsa:tst:20171865087
      • comment libxkbfile is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865088
    • AND
      • comment libxkbfile-devel is earlier than 0:1.0.9-3.el7
        oval oval:com.redhat.rhsa:tst:20171865089
      • comment libxkbfile-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865090
    • AND
      • comment libfontenc is earlier than 0:1.1.3-3.el7
        oval oval:com.redhat.rhsa:tst:20171865091
      • comment libfontenc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865092
    • AND
      • comment libfontenc-devel is earlier than 0:1.1.3-3.el7
        oval oval:com.redhat.rhsa:tst:20171865093
      • comment libfontenc-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865094
    • AND
      • comment libXfont is earlier than 0:1.5.2-1.el7
        oval oval:com.redhat.rhsa:tst:20171865097
      • comment libXfont is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111154006
    • AND
      • comment libXfont-devel is earlier than 0:1.5.2-1.el7
        oval oval:com.redhat.rhsa:tst:20171865095
      • comment libXfont-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111154008
    • AND
      • comment xkeyboard-config is earlier than 0:2.20-1.el7
        oval oval:com.redhat.rhsa:tst:20171865099
      • comment xkeyboard-config is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436078
    • AND
      • comment xkeyboard-config-devel is earlier than 0:2.20-1.el7
        oval oval:com.redhat.rhsa:tst:20171865101
      • comment xkeyboard-config-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436080
    • AND
      • comment libvdpau is earlier than 0:1.1.1-3.el7
        oval oval:com.redhat.rhsa:tst:20171865103
      • comment libvdpau is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865104
    • AND
      • comment libvdpau-devel is earlier than 0:1.1.1-3.el7
        oval oval:com.redhat.rhsa:tst:20171865105
      • comment libvdpau-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865106
    • AND
      • comment libvdpau-docs is earlier than 0:1.1.1-3.el7
        oval oval:com.redhat.rhsa:tst:20171865107
      • comment libvdpau-docs is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865108
    • AND
      • comment libXcursor is earlier than 0:1.1.14-8.el7
        oval oval:com.redhat.rhsa:tst:20171865111
      • comment libXcursor is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436006
    • AND
      • comment libXcursor-devel is earlier than 0:1.1.14-8.el7
        oval oval:com.redhat.rhsa:tst:20171865109
      • comment libXcursor-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436008
    • AND
      • comment libwacom is earlier than 0:0.24-1.el7
        oval oval:com.redhat.rhsa:tst:20171865113
      • comment libwacom is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20141376052
    • AND
      • comment libwacom-data is earlier than 0:0.24-1.el7
        oval oval:com.redhat.rhsa:tst:20171865117
      • comment libwacom-data is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20141376056
    • AND
      • comment libwacom-devel is earlier than 0:0.24-1.el7
        oval oval:com.redhat.rhsa:tst:20171865115
      • comment libwacom-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20141376054
    • AND
      • comment libinput is earlier than 0:1.6.3-2.el7
        oval oval:com.redhat.rhsa:tst:20171865121
      • comment libinput is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865122
    • AND
      • comment libinput-devel is earlier than 0:1.6.3-2.el7
        oval oval:com.redhat.rhsa:tst:20171865119
      • comment libinput-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865120
    • AND
      • comment vulkan is earlier than 0:1.0.39.1-2.el7
        oval oval:com.redhat.rhsa:tst:20171865125
      • comment vulkan is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865126
    • AND
      • comment vulkan-devel is earlier than 0:1.0.39.1-2.el7
        oval oval:com.redhat.rhsa:tst:20171865123
      • comment vulkan-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865124
    • AND
      • comment vulkan-filesystem is earlier than 0:1.0.39.1-2.el7
        oval oval:com.redhat.rhsa:tst:20171865127
      • comment vulkan-filesystem is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865128
    • AND
      • comment mesa-private-llvm is earlier than 0:3.9.1-3.el7
        oval oval:com.redhat.rhsa:tst:20171865129
      • comment mesa-private-llvm is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20141376084
    • AND
      • comment mesa-private-llvm-devel is earlier than 0:3.9.1-3.el7
        oval oval:com.redhat.rhsa:tst:20171865131
      • comment mesa-private-llvm-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20141376086
    • AND
      • comment libX11 is earlier than 0:1.6.5-1.el7
        oval oval:com.redhat.rhsa:tst:20171865133
      • comment libX11 is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436066
    • AND
      • comment libX11-common is earlier than 0:1.6.5-1.el7
        oval oval:com.redhat.rhsa:tst:20171865137
      • comment libX11-common is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436068
    • AND
      • comment libX11-devel is earlier than 0:1.6.5-1.el7
        oval oval:com.redhat.rhsa:tst:20171865135
      • comment libX11-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20141436070
    • AND
      • comment libXdmcp is earlier than 0:1.1.2-6.el7
        oval oval:com.redhat.rhsa:tst:20171865139
      • comment libXdmcp is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865140
    • AND
      • comment libXdmcp-devel is earlier than 0:1.1.2-6.el7
        oval oval:com.redhat.rhsa:tst:20171865141
      • comment libXdmcp-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865142
    • AND
      • comment libICE is earlier than 0:1.0.9-9.el7
        oval oval:com.redhat.rhsa:tst:20171865143
      • comment libICE is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865144
    • AND
      • comment libICE-devel is earlier than 0:1.0.9-9.el7
        oval oval:com.redhat.rhsa:tst:20171865145
      • comment libICE-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865146
    • AND
      • comment mesa-dri-drivers is earlier than 0:17.0.1-6.20170307.el7
        oval oval:com.redhat.rhsa:tst:20171865165
      • comment mesa-dri-drivers is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20141376130
    • AND
      • comment mesa-filesystem is earlier than 0:17.0.1-6.20170307.el7
        oval oval:com.redhat.rhsa:tst:20171865169
      • comment mesa-filesystem is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865170
    • AND
      • comment mesa-libEGL is earlier than 0:17.0.1-6.20170307.el7
        oval oval:com.redhat.rhsa:tst:20171865153
      • comment mesa-libEGL is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20141376136
    • AND
      • comment mesa-libEGL-devel is earlier than 0:17.0.1-6.20170307.el7
        oval oval:com.redhat.rhsa:tst:20171865157
      • comment mesa-libEGL-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20141376150
    • AND
      • comment mesa-libGL is earlier than 0:17.0.1-6.20170307.el7
        oval oval:com.redhat.rhsa:tst:20171865147
      • comment mesa-libGL is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20141376142
    • AND
      • comment mesa-libGL-devel is earlier than 0:17.0.1-6.20170307.el7
        oval oval:com.redhat.rhsa:tst:20171865171
      • comment mesa-libGL-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20141376134
    • AND
      • comment mesa-libGLES is earlier than 0:17.0.1-6.20170307.el7
        oval oval:com.redhat.rhsa:tst:20171865161
      • comment mesa-libGLES is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865162
    • AND
      • comment mesa-libGLES-devel is earlier than 0:17.0.1-6.20170307.el7
        oval oval:com.redhat.rhsa:tst:20171865149
      • comment mesa-libGLES-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865150
    • AND
      • comment mesa-libOSMesa is earlier than 0:17.0.1-6.20170307.el7
        oval oval:com.redhat.rhsa:tst:20171865163
      • comment mesa-libOSMesa is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20141376154
    • AND
      • comment mesa-libOSMesa-devel is earlier than 0:17.0.1-6.20170307.el7
        oval oval:com.redhat.rhsa:tst:20171865155
      • comment mesa-libOSMesa-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20141376140
    • AND
      • comment mesa-libgbm is earlier than 0:17.0.1-6.20170307.el7
        oval oval:com.redhat.rhsa:tst:20171865167
      • comment mesa-libgbm is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20141376128
    • AND
      • comment mesa-libgbm-devel is earlier than 0:17.0.1-6.20170307.el7
        oval oval:com.redhat.rhsa:tst:20171865159
      • comment mesa-libgbm-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhba:tst:20141376132
    • AND
      • comment mesa-libglapi is earlier than 0:17.0.1-6.20170307.el7
        oval oval:com.redhat.rhsa:tst:20171865151
      • comment mesa-libglapi is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865152
    • AND
      • comment mesa-libxatracker is earlier than 0:17.0.1-6.20170307.el7
        oval oval:com.redhat.rhsa:tst:20171865175
      • comment mesa-libxatracker is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865176
    • AND
      • comment mesa-libxatracker-devel is earlier than 0:17.0.1-6.20170307.el7
        oval oval:com.redhat.rhsa:tst:20171865173
      • comment mesa-libxatracker-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865174
    • AND
      • comment mesa-vulkan-drivers is earlier than 0:17.0.1-6.20170307.el7
        oval oval:com.redhat.rhsa:tst:20171865177
      • comment mesa-vulkan-drivers is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20171865178
rhsa
id RHSA-2017:1865
released 2017-08-01
severity Moderate
title RHSA-2017:1865: X.org X11 libraries security, bug fix and enhancement update (Moderate)
rpms
  • xorg-x11-proto-devel-0:7.7-20.el7
  • libXfont2-0:2.0.1-2.el7
  • libXfont2-devel-0:2.0.1-2.el7
  • libxkbcommon-0:0.7.1-1.el7
  • libxkbcommon-devel-0:0.7.1-1.el7
  • libxkbcommon-x11-0:0.7.1-1.el7
  • libxkbcommon-x11-devel-0:0.7.1-1.el7
  • drm-utils-0:2.4.74-1.el7
  • libdrm-0:2.4.74-1.el7
  • libdrm-devel-0:2.4.74-1.el7
  • libepoxy-0:1.3.1-1.el7
  • libepoxy-devel-0:1.3.1-1.el7
  • libevdev-0:1.5.6-1.el7
  • libevdev-devel-0:1.5.6-1.el7
  • libevdev-utils-0:1.5.6-1.el7
  • xcb-proto-0:1.12-2.el7
  • libxcb-0:1.12-1.el7
  • libxcb-devel-0:1.12-1.el7
  • libxcb-doc-0:1.12-1.el7
  • libXrandr-0:1.5.1-2.el7
  • libXrandr-devel-0:1.5.1-2.el7
  • libXfixes-0:5.0.3-1.el7
  • libXfixes-devel-0:5.0.3-1.el7
  • libXi-0:1.7.9-1.el7
  • libXi-devel-0:1.7.9-1.el7
  • libXtst-0:1.2.3-1.el7
  • libXtst-devel-0:1.2.3-1.el7
  • libXrender-0:0.9.10-1.el7
  • libXrender-devel-0:0.9.10-1.el7
  • libXt-0:1.1.5-3.el7
  • libXt-devel-0:1.1.5-3.el7
  • libXpm-0:3.5.12-1.el7
  • libXpm-devel-0:3.5.12-1.el7
  • libXaw-0:1.0.13-4.el7
  • libXaw-devel-0:1.0.13-4.el7
  • libXv-0:1.0.11-1.el7
  • libXv-devel-0:1.0.11-1.el7
  • libXvMC-0:1.0.10-1.el7
  • libXvMC-devel-0:1.0.10-1.el7
  • libXxf86vm-0:1.1.4-1.el7
  • libXxf86vm-devel-0:1.1.4-1.el7
  • libxkbfile-0:1.0.9-3.el7
  • libxkbfile-devel-0:1.0.9-3.el7
  • libfontenc-0:1.1.3-3.el7
  • libfontenc-devel-0:1.1.3-3.el7
  • libXfont-0:1.5.2-1.el7
  • libXfont-devel-0:1.5.2-1.el7
  • xkeyboard-config-0:2.20-1.el7
  • xkeyboard-config-devel-0:2.20-1.el7
  • libvdpau-0:1.1.1-3.el7
  • libvdpau-devel-0:1.1.1-3.el7
  • libvdpau-docs-0:1.1.1-3.el7
  • libXcursor-0:1.1.14-8.el7
  • libXcursor-devel-0:1.1.14-8.el7
  • libwacom-0:0.24-1.el7
  • libwacom-data-0:0.24-1.el7
  • libwacom-devel-0:0.24-1.el7
  • libinput-0:1.6.3-2.el7
  • libinput-devel-0:1.6.3-2.el7
  • vulkan-0:1.0.39.1-2.el7
  • vulkan-devel-0:1.0.39.1-2.el7
  • vulkan-filesystem-0:1.0.39.1-2.el7
  • mesa-private-llvm-0:3.9.1-3.el7
  • mesa-private-llvm-devel-0:3.9.1-3.el7
  • libX11-0:1.6.5-1.el7
  • libX11-common-0:1.6.5-1.el7
  • libX11-devel-0:1.6.5-1.el7
  • libXdmcp-0:1.1.2-6.el7
  • libXdmcp-devel-0:1.1.2-6.el7
  • libICE-0:1.0.9-9.el7
  • libICE-devel-0:1.0.9-9.el7
  • mesa-dri-drivers-0:17.0.1-6.20170307.el7
  • mesa-filesystem-0:17.0.1-6.20170307.el7
  • mesa-libEGL-0:17.0.1-6.20170307.el7
  • mesa-libEGL-devel-0:17.0.1-6.20170307.el7
  • mesa-libGL-0:17.0.1-6.20170307.el7
  • mesa-libGL-devel-0:17.0.1-6.20170307.el7
  • mesa-libGLES-0:17.0.1-6.20170307.el7
  • mesa-libGLES-devel-0:17.0.1-6.20170307.el7
  • mesa-libOSMesa-0:17.0.1-6.20170307.el7
  • mesa-libOSMesa-devel-0:17.0.1-6.20170307.el7
  • mesa-libgbm-0:17.0.1-6.20170307.el7
  • mesa-libgbm-devel-0:17.0.1-6.20170307.el7
  • mesa-libglapi-0:17.0.1-6.20170307.el7
  • mesa-libxatracker-0:17.0.1-6.20170307.el7
  • mesa-libxatracker-devel-0:17.0.1-6.20170307.el7
  • mesa-vulkan-drivers-0:17.0.1-6.20170307.el7
refmap via4
bid 96480
confirm
gentoo GLSA-201704-03
misc https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
sectrack 1037919
Last major update 14-07-2019 - 21:15
Published 27-07-2018 - 19:29
Back to Top