ID CVE-2017-2626
Summary It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.
References
Vulnerable Configurations
  • cpe:2.3:a:freedesktop:libice:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:libice:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:libice:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:libice:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:libice:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:libice:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:libice:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:libice:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:libice:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:libice:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:libice:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:libice:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:libice:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:libice:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:libice:1.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:libice:1.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:freedesktop:libice:1.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:freedesktop:libice:1.0.9:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 14-07-2019 - 21:15)
Impact:
Exploitability:
CWE CWE-331
CAPEC
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
assigner via4 cve@mitre.org
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
non_vulnerable_configuration via4
    redhat via4
    advisories
    bugzilla
    id 1445423
    title blue shadows on ppc64 and s390x
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment xorg-x11-proto-devel is earlier than 0:7.7-20.el7
          oval oval:com.redhat.rhsa:tst:20171865005
        • comment xorg-x11-proto-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436072
      • AND
        • comment libXfont2 is earlier than 0:2.0.1-2.el7
          oval oval:com.redhat.rhsa:tst:20171865007
        • comment libXfont2 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865008
      • AND
        • comment libXfont2-devel is earlier than 0:2.0.1-2.el7
          oval oval:com.redhat.rhsa:tst:20171865009
        • comment libXfont2-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865010
      • AND
        • comment libxkbcommon is earlier than 0:0.7.1-1.el7
          oval oval:com.redhat.rhsa:tst:20171865011
        • comment libxkbcommon is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865012
      • AND
        • comment libxkbcommon-devel is earlier than 0:0.7.1-1.el7
          oval oval:com.redhat.rhsa:tst:20171865013
        • comment libxkbcommon-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865014
      • AND
        • comment libxkbcommon-x11 is earlier than 0:0.7.1-1.el7
          oval oval:com.redhat.rhsa:tst:20171865017
        • comment libxkbcommon-x11 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865018
      • AND
        • comment libxkbcommon-x11-devel is earlier than 0:0.7.1-1.el7
          oval oval:com.redhat.rhsa:tst:20171865015
        • comment libxkbcommon-x11-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865016
      • AND
        • comment drm-utils is earlier than 0:2.4.74-1.el7
          oval oval:com.redhat.rhsa:tst:20171865021
        • comment drm-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865022
      • AND
        • comment libdrm is earlier than 0:2.4.74-1.el7
          oval oval:com.redhat.rhsa:tst:20171865023
        • comment libdrm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376120
      • AND
        • comment libdrm-devel is earlier than 0:2.4.74-1.el7
          oval oval:com.redhat.rhsa:tst:20171865019
        • comment libdrm-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376122
      • AND
        • comment libepoxy is earlier than 0:1.3.1-1.el7
          oval oval:com.redhat.rhsa:tst:20171865025
        • comment libepoxy is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865026
      • AND
        • comment libepoxy-devel is earlier than 0:1.3.1-1.el7
          oval oval:com.redhat.rhsa:tst:20171865027
        • comment libepoxy-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865028
      • AND
        • comment libevdev is earlier than 0:1.5.6-1.el7
          oval oval:com.redhat.rhsa:tst:20171865031
        • comment libevdev is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865032
      • AND
        • comment libevdev-devel is earlier than 0:1.5.6-1.el7
          oval oval:com.redhat.rhsa:tst:20171865029
        • comment libevdev-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865030
      • AND
        • comment libevdev-utils is earlier than 0:1.5.6-1.el7
          oval oval:com.redhat.rhsa:tst:20171865033
        • comment libevdev-utils is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865034
      • AND
        • comment xcb-proto is earlier than 0:1.12-2.el7
          oval oval:com.redhat.rhsa:tst:20171865035
        • comment xcb-proto is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436076
      • AND
        • comment libxcb is earlier than 0:1.12-1.el7
          oval oval:com.redhat.rhsa:tst:20171865039
        • comment libxcb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436082
      • AND
        • comment libxcb-devel is earlier than 0:1.12-1.el7
          oval oval:com.redhat.rhsa:tst:20171865037
        • comment libxcb-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436088
      • AND
        • comment libxcb-doc is earlier than 0:1.12-1.el7
          oval oval:com.redhat.rhsa:tst:20171865041
        • comment libxcb-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436084
      • AND
        • comment libXrandr is earlier than 0:1.5.1-2.el7
          oval oval:com.redhat.rhsa:tst:20171865043
        • comment libXrandr is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436026
      • AND
        • comment libXrandr-devel is earlier than 0:1.5.1-2.el7
          oval oval:com.redhat.rhsa:tst:20171865045
        • comment libXrandr-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436028
      • AND
        • comment libXfixes is earlier than 0:5.0.3-1.el7
          oval oval:com.redhat.rhsa:tst:20171865047
        • comment libXfixes is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436014
      • AND
        • comment libXfixes-devel is earlier than 0:5.0.3-1.el7
          oval oval:com.redhat.rhsa:tst:20171865049
        • comment libXfixes-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436016
      • AND
        • comment libXi is earlier than 0:1.7.9-1.el7
          oval oval:com.redhat.rhsa:tst:20171865051
        • comment libXi is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436090
      • AND
        • comment libXi-devel is earlier than 0:1.7.9-1.el7
          oval oval:com.redhat.rhsa:tst:20171865053
        • comment libXi-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436092
      • AND
        • comment libXtst is earlier than 0:1.2.3-1.el7
          oval oval:com.redhat.rhsa:tst:20171865057
        • comment libXtst is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436042
      • AND
        • comment libXtst-devel is earlier than 0:1.2.3-1.el7
          oval oval:com.redhat.rhsa:tst:20171865055
        • comment libXtst-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436044
      • AND
        • comment libXrender is earlier than 0:0.9.10-1.el7
          oval oval:com.redhat.rhsa:tst:20171865059
        • comment libXrender is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436030
      • AND
        • comment libXrender-devel is earlier than 0:0.9.10-1.el7
          oval oval:com.redhat.rhsa:tst:20171865061
        • comment libXrender-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436032
      • AND
        • comment libXt is earlier than 0:1.1.5-3.el7
          oval oval:com.redhat.rhsa:tst:20171865063
        • comment libXt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436038
      • AND
        • comment libXt-devel is earlier than 0:1.1.5-3.el7
          oval oval:com.redhat.rhsa:tst:20171865065
        • comment libXt-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436040
      • AND
        • comment libXpm is earlier than 0:3.5.12-1.el7
          oval oval:com.redhat.rhsa:tst:20171865067
        • comment libXpm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865068
      • AND
        • comment libXpm-devel is earlier than 0:3.5.12-1.el7
          oval oval:com.redhat.rhsa:tst:20171865069
        • comment libXpm-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865070
      • AND
        • comment libXaw is earlier than 0:1.0.13-4.el7
          oval oval:com.redhat.rhsa:tst:20171865071
        • comment libXaw is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865072
      • AND
        • comment libXaw-devel is earlier than 0:1.0.13-4.el7
          oval oval:com.redhat.rhsa:tst:20171865073
        • comment libXaw-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865074
      • AND
        • comment libXv is earlier than 0:1.0.11-1.el7
          oval oval:com.redhat.rhsa:tst:20171865075
        • comment libXv is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436046
      • AND
        • comment libXv-devel is earlier than 0:1.0.11-1.el7
          oval oval:com.redhat.rhsa:tst:20171865077
        • comment libXv-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436048
      • AND
        • comment libXvMC is earlier than 0:1.0.10-1.el7
          oval oval:com.redhat.rhsa:tst:20171865081
        • comment libXvMC is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436054
      • AND
        • comment libXvMC-devel is earlier than 0:1.0.10-1.el7
          oval oval:com.redhat.rhsa:tst:20171865079
        • comment libXvMC-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436056
      • AND
        • comment libXxf86vm is earlier than 0:1.1.4-1.el7
          oval oval:com.redhat.rhsa:tst:20171865083
        • comment libXxf86vm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436062
      • AND
        • comment libXxf86vm-devel is earlier than 0:1.1.4-1.el7
          oval oval:com.redhat.rhsa:tst:20171865085
        • comment libXxf86vm-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436064
      • AND
        • comment libxkbfile is earlier than 0:1.0.9-3.el7
          oval oval:com.redhat.rhsa:tst:20171865087
        • comment libxkbfile is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865088
      • AND
        • comment libxkbfile-devel is earlier than 0:1.0.9-3.el7
          oval oval:com.redhat.rhsa:tst:20171865089
        • comment libxkbfile-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865090
      • AND
        • comment libfontenc is earlier than 0:1.1.3-3.el7
          oval oval:com.redhat.rhsa:tst:20171865091
        • comment libfontenc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865092
      • AND
        • comment libfontenc-devel is earlier than 0:1.1.3-3.el7
          oval oval:com.redhat.rhsa:tst:20171865093
        • comment libfontenc-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865094
      • AND
        • comment libXfont is earlier than 0:1.5.2-1.el7
          oval oval:com.redhat.rhsa:tst:20171865097
        • comment libXfont is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111154006
      • AND
        • comment libXfont-devel is earlier than 0:1.5.2-1.el7
          oval oval:com.redhat.rhsa:tst:20171865095
        • comment libXfont-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111154008
      • AND
        • comment xkeyboard-config is earlier than 0:2.20-1.el7
          oval oval:com.redhat.rhsa:tst:20171865099
        • comment xkeyboard-config is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436078
      • AND
        • comment xkeyboard-config-devel is earlier than 0:2.20-1.el7
          oval oval:com.redhat.rhsa:tst:20171865101
        • comment xkeyboard-config-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436080
      • AND
        • comment libvdpau is earlier than 0:1.1.1-3.el7
          oval oval:com.redhat.rhsa:tst:20171865103
        • comment libvdpau is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865104
      • AND
        • comment libvdpau-devel is earlier than 0:1.1.1-3.el7
          oval oval:com.redhat.rhsa:tst:20171865105
        • comment libvdpau-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865106
      • AND
        • comment libvdpau-docs is earlier than 0:1.1.1-3.el7
          oval oval:com.redhat.rhsa:tst:20171865107
        • comment libvdpau-docs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865108
      • AND
        • comment libXcursor is earlier than 0:1.1.14-8.el7
          oval oval:com.redhat.rhsa:tst:20171865111
        • comment libXcursor is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436006
      • AND
        • comment libXcursor-devel is earlier than 0:1.1.14-8.el7
          oval oval:com.redhat.rhsa:tst:20171865109
        • comment libXcursor-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436008
      • AND
        • comment libwacom is earlier than 0:0.24-1.el7
          oval oval:com.redhat.rhsa:tst:20171865113
        • comment libwacom is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376052
      • AND
        • comment libwacom-data is earlier than 0:0.24-1.el7
          oval oval:com.redhat.rhsa:tst:20171865117
        • comment libwacom-data is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376056
      • AND
        • comment libwacom-devel is earlier than 0:0.24-1.el7
          oval oval:com.redhat.rhsa:tst:20171865115
        • comment libwacom-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376054
      • AND
        • comment libinput is earlier than 0:1.6.3-2.el7
          oval oval:com.redhat.rhsa:tst:20171865121
        • comment libinput is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865122
      • AND
        • comment libinput-devel is earlier than 0:1.6.3-2.el7
          oval oval:com.redhat.rhsa:tst:20171865119
        • comment libinput-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865120
      • AND
        • comment vulkan is earlier than 0:1.0.39.1-2.el7
          oval oval:com.redhat.rhsa:tst:20171865125
        • comment vulkan is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865126
      • AND
        • comment vulkan-devel is earlier than 0:1.0.39.1-2.el7
          oval oval:com.redhat.rhsa:tst:20171865123
        • comment vulkan-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865124
      • AND
        • comment vulkan-filesystem is earlier than 0:1.0.39.1-2.el7
          oval oval:com.redhat.rhsa:tst:20171865127
        • comment vulkan-filesystem is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865128
      • AND
        • comment mesa-private-llvm is earlier than 0:3.9.1-3.el7
          oval oval:com.redhat.rhsa:tst:20171865129
        • comment mesa-private-llvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376084
      • AND
        • comment mesa-private-llvm-devel is earlier than 0:3.9.1-3.el7
          oval oval:com.redhat.rhsa:tst:20171865131
        • comment mesa-private-llvm-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376086
      • AND
        • comment libX11 is earlier than 0:1.6.5-1.el7
          oval oval:com.redhat.rhsa:tst:20171865133
        • comment libX11 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436066
      • AND
        • comment libX11-common is earlier than 0:1.6.5-1.el7
          oval oval:com.redhat.rhsa:tst:20171865137
        • comment libX11-common is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436068
      • AND
        • comment libX11-devel is earlier than 0:1.6.5-1.el7
          oval oval:com.redhat.rhsa:tst:20171865135
        • comment libX11-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20141436070
      • AND
        • comment libXdmcp is earlier than 0:1.1.2-6.el7
          oval oval:com.redhat.rhsa:tst:20171865139
        • comment libXdmcp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865140
      • AND
        • comment libXdmcp-devel is earlier than 0:1.1.2-6.el7
          oval oval:com.redhat.rhsa:tst:20171865141
        • comment libXdmcp-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865142
      • AND
        • comment libICE is earlier than 0:1.0.9-9.el7
          oval oval:com.redhat.rhsa:tst:20171865143
        • comment libICE is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865144
      • AND
        • comment libICE-devel is earlier than 0:1.0.9-9.el7
          oval oval:com.redhat.rhsa:tst:20171865145
        • comment libICE-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865146
      • AND
        • comment mesa-dri-drivers is earlier than 0:17.0.1-6.20170307.el7
          oval oval:com.redhat.rhsa:tst:20171865165
        • comment mesa-dri-drivers is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376130
      • AND
        • comment mesa-filesystem is earlier than 0:17.0.1-6.20170307.el7
          oval oval:com.redhat.rhsa:tst:20171865169
        • comment mesa-filesystem is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865170
      • AND
        • comment mesa-libEGL is earlier than 0:17.0.1-6.20170307.el7
          oval oval:com.redhat.rhsa:tst:20171865153
        • comment mesa-libEGL is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376136
      • AND
        • comment mesa-libEGL-devel is earlier than 0:17.0.1-6.20170307.el7
          oval oval:com.redhat.rhsa:tst:20171865157
        • comment mesa-libEGL-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376150
      • AND
        • comment mesa-libGL is earlier than 0:17.0.1-6.20170307.el7
          oval oval:com.redhat.rhsa:tst:20171865147
        • comment mesa-libGL is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376142
      • AND
        • comment mesa-libGL-devel is earlier than 0:17.0.1-6.20170307.el7
          oval oval:com.redhat.rhsa:tst:20171865171
        • comment mesa-libGL-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376134
      • AND
        • comment mesa-libGLES is earlier than 0:17.0.1-6.20170307.el7
          oval oval:com.redhat.rhsa:tst:20171865161
        • comment mesa-libGLES is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865162
      • AND
        • comment mesa-libGLES-devel is earlier than 0:17.0.1-6.20170307.el7
          oval oval:com.redhat.rhsa:tst:20171865149
        • comment mesa-libGLES-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865150
      • AND
        • comment mesa-libOSMesa is earlier than 0:17.0.1-6.20170307.el7
          oval oval:com.redhat.rhsa:tst:20171865163
        • comment mesa-libOSMesa is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376154
      • AND
        • comment mesa-libOSMesa-devel is earlier than 0:17.0.1-6.20170307.el7
          oval oval:com.redhat.rhsa:tst:20171865155
        • comment mesa-libOSMesa-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376140
      • AND
        • comment mesa-libgbm is earlier than 0:17.0.1-6.20170307.el7
          oval oval:com.redhat.rhsa:tst:20171865167
        • comment mesa-libgbm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376128
      • AND
        • comment mesa-libgbm-devel is earlier than 0:17.0.1-6.20170307.el7
          oval oval:com.redhat.rhsa:tst:20171865159
        • comment mesa-libgbm-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhba:tst:20141376132
      • AND
        • comment mesa-libglapi is earlier than 0:17.0.1-6.20170307.el7
          oval oval:com.redhat.rhsa:tst:20171865151
        • comment mesa-libglapi is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865152
      • AND
        • comment mesa-libxatracker is earlier than 0:17.0.1-6.20170307.el7
          oval oval:com.redhat.rhsa:tst:20171865175
        • comment mesa-libxatracker is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865176
      • AND
        • comment mesa-libxatracker-devel is earlier than 0:17.0.1-6.20170307.el7
          oval oval:com.redhat.rhsa:tst:20171865173
        • comment mesa-libxatracker-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865174
      • AND
        • comment mesa-vulkan-drivers is earlier than 0:17.0.1-6.20170307.el7
          oval oval:com.redhat.rhsa:tst:20171865177
        • comment mesa-vulkan-drivers is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20171865178
    rhsa
    id RHSA-2017:1865
    released 2017-08-01
    severity Moderate
    title RHSA-2017:1865: X.org X11 libraries security, bug fix and enhancement update (Moderate)
    rpms
    • xorg-x11-proto-devel-0:7.7-20.el7
    • libXfont2-0:2.0.1-2.el7
    • libXfont2-devel-0:2.0.1-2.el7
    • libxkbcommon-0:0.7.1-1.el7
    • libxkbcommon-devel-0:0.7.1-1.el7
    • libxkbcommon-x11-0:0.7.1-1.el7
    • libxkbcommon-x11-devel-0:0.7.1-1.el7
    • drm-utils-0:2.4.74-1.el7
    • libdrm-0:2.4.74-1.el7
    • libdrm-devel-0:2.4.74-1.el7
    • libepoxy-0:1.3.1-1.el7
    • libepoxy-devel-0:1.3.1-1.el7
    • libevdev-0:1.5.6-1.el7
    • libevdev-devel-0:1.5.6-1.el7
    • libevdev-utils-0:1.5.6-1.el7
    • xcb-proto-0:1.12-2.el7
    • libxcb-0:1.12-1.el7
    • libxcb-devel-0:1.12-1.el7
    • libxcb-doc-0:1.12-1.el7
    • libXrandr-0:1.5.1-2.el7
    • libXrandr-devel-0:1.5.1-2.el7
    • libXfixes-0:5.0.3-1.el7
    • libXfixes-devel-0:5.0.3-1.el7
    • libXi-0:1.7.9-1.el7
    • libXi-devel-0:1.7.9-1.el7
    • libXtst-0:1.2.3-1.el7
    • libXtst-devel-0:1.2.3-1.el7
    • libXrender-0:0.9.10-1.el7
    • libXrender-devel-0:0.9.10-1.el7
    • libXt-0:1.1.5-3.el7
    • libXt-devel-0:1.1.5-3.el7
    • libXpm-0:3.5.12-1.el7
    • libXpm-devel-0:3.5.12-1.el7
    • libXaw-0:1.0.13-4.el7
    • libXaw-devel-0:1.0.13-4.el7
    • libXv-0:1.0.11-1.el7
    • libXv-devel-0:1.0.11-1.el7
    • libXvMC-0:1.0.10-1.el7
    • libXvMC-devel-0:1.0.10-1.el7
    • libXxf86vm-0:1.1.4-1.el7
    • libXxf86vm-devel-0:1.1.4-1.el7
    • libxkbfile-0:1.0.9-3.el7
    • libxkbfile-devel-0:1.0.9-3.el7
    • libfontenc-0:1.1.3-3.el7
    • libfontenc-devel-0:1.1.3-3.el7
    • libXfont-0:1.5.2-1.el7
    • libXfont-devel-0:1.5.2-1.el7
    • xkeyboard-config-0:2.20-1.el7
    • xkeyboard-config-devel-0:2.20-1.el7
    • libvdpau-0:1.1.1-3.el7
    • libvdpau-devel-0:1.1.1-3.el7
    • libvdpau-docs-0:1.1.1-3.el7
    • libXcursor-0:1.1.14-8.el7
    • libXcursor-devel-0:1.1.14-8.el7
    • libwacom-0:0.24-1.el7
    • libwacom-data-0:0.24-1.el7
    • libwacom-devel-0:0.24-1.el7
    • libinput-0:1.6.3-2.el7
    • libinput-devel-0:1.6.3-2.el7
    • vulkan-0:1.0.39.1-2.el7
    • vulkan-devel-0:1.0.39.1-2.el7
    • vulkan-filesystem-0:1.0.39.1-2.el7
    • mesa-private-llvm-0:3.9.1-3.el7
    • mesa-private-llvm-devel-0:3.9.1-3.el7
    • libX11-0:1.6.5-1.el7
    • libX11-common-0:1.6.5-1.el7
    • libX11-devel-0:1.6.5-1.el7
    • libXdmcp-0:1.1.2-6.el7
    • libXdmcp-devel-0:1.1.2-6.el7
    • libICE-0:1.0.9-9.el7
    • libICE-devel-0:1.0.9-9.el7
    • mesa-dri-drivers-0:17.0.1-6.20170307.el7
    • mesa-filesystem-0:17.0.1-6.20170307.el7
    • mesa-libEGL-0:17.0.1-6.20170307.el7
    • mesa-libEGL-devel-0:17.0.1-6.20170307.el7
    • mesa-libGL-0:17.0.1-6.20170307.el7
    • mesa-libGL-devel-0:17.0.1-6.20170307.el7
    • mesa-libGLES-0:17.0.1-6.20170307.el7
    • mesa-libGLES-devel-0:17.0.1-6.20170307.el7
    • mesa-libOSMesa-0:17.0.1-6.20170307.el7
    • mesa-libOSMesa-devel-0:17.0.1-6.20170307.el7
    • mesa-libgbm-0:17.0.1-6.20170307.el7
    • mesa-libgbm-devel-0:17.0.1-6.20170307.el7
    • mesa-libglapi-0:17.0.1-6.20170307.el7
    • mesa-libxatracker-0:17.0.1-6.20170307.el7
    • mesa-libxatracker-devel-0:17.0.1-6.20170307.el7
    • mesa-vulkan-drivers-0:17.0.1-6.20170307.el7
    refmap via4
    bid 96480
    confirm
    gentoo GLSA-201704-03
    misc https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
    sectrack 1037919
    vulnerable_product via4
    • cpe:2.3:a:freedesktop:libice:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:libice:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:libice:1.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:libice:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:libice:1.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:libice:1.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:libice:1.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:libice:1.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:freedesktop:libice:1.0.9:*:*:*:*:*:*:*
    Last major update 14-07-2019 - 21:15
    Published 27-07-2018 - 19:29
    Back to Top