CVE-2017-2626 - It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker

CVE-2017-2626

Summary

It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.

References

Vulnerable Configurations

cpe:2.3:a:freedesktop:libice:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:libice:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:libice:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:libice:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:libice:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:libice:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:libice:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:libice:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:libice:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:libice:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:libice:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:libice:1.0.6:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:libice:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:libice:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:libice:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:libice:1.0.8:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:libice:1.0.9:*:*:*:*:*:*:*
cpe:2.3:a:freedesktop:libice:1.0.9:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

CVSS

Base:	2.1 (as of 12-02-2023 - 23:29)
Impact:
Exploitability:

CWE

CWE-331

CAPEC

Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:N/A:N

redhat via4

advisories

bugzilla

id	1445423
title	blue shadows on ppc64 and s390x

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND

comment xorg-x11-proto-devel is earlier than 0:7.7-20.el7
oval oval:com.redhat.rhsa:tst:20171865001
comment xorg-x11-proto-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436068

AND
comment libXfont2 is earlier than 0:2.0.1-2.el7
oval oval:com.redhat.rhsa:tst:20171865003
comment libXfont2 is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865004

AND

comment libXfont2-devel is earlier than 0:2.0.1-2.el7
oval oval:com.redhat.rhsa:tst:20171865005
comment libXfont2-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865006

AND
comment libxkbcommon is earlier than 0:0.7.1-1.el7
oval oval:com.redhat.rhsa:tst:20171865007
comment libxkbcommon is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865008

AND

comment libxkbcommon-devel is earlier than 0:0.7.1-1.el7
oval oval:com.redhat.rhsa:tst:20171865009
comment libxkbcommon-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865010

AND

comment libxkbcommon-x11 is earlier than 0:0.7.1-1.el7
oval oval:com.redhat.rhsa:tst:20171865011
comment libxkbcommon-x11 is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865012

AND

comment libxkbcommon-x11-devel is earlier than 0:0.7.1-1.el7
oval oval:com.redhat.rhsa:tst:20171865013
comment libxkbcommon-x11-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865014

AND
comment drm-utils is earlier than 0:2.4.74-1.el7
oval oval:com.redhat.rhsa:tst:20171865015
comment drm-utils is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865016
AND
comment libdrm is earlier than 0:2.4.74-1.el7
oval oval:com.redhat.rhsa:tst:20171865017
comment libdrm is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141376116
AND
comment libdrm-devel is earlier than 0:2.4.74-1.el7
oval oval:com.redhat.rhsa:tst:20171865019
comment libdrm-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141376118
AND
comment libepoxy is earlier than 0:1.3.1-1.el7
oval oval:com.redhat.rhsa:tst:20171865021
comment libepoxy is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865022

AND

comment libepoxy-devel is earlier than 0:1.3.1-1.el7
oval oval:com.redhat.rhsa:tst:20171865023
comment libepoxy-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865024

AND
comment libevdev is earlier than 0:1.5.6-1.el7
oval oval:com.redhat.rhsa:tst:20171865025
comment libevdev is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865026

AND

comment libevdev-devel is earlier than 0:1.5.6-1.el7
oval oval:com.redhat.rhsa:tst:20171865027
comment libevdev-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865028

AND

comment libevdev-utils is earlier than 0:1.5.6-1.el7
oval oval:com.redhat.rhsa:tst:20171865029
comment libevdev-utils is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865030

AND
comment xcb-proto is earlier than 0:1.12-2.el7
oval oval:com.redhat.rhsa:tst:20171865031
comment xcb-proto is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436072
AND
comment libxcb is earlier than 0:1.12-1.el7
oval oval:com.redhat.rhsa:tst:20171865033
comment libxcb is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436078
AND
comment libxcb-devel is earlier than 0:1.12-1.el7
oval oval:com.redhat.rhsa:tst:20171865035
comment libxcb-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436080
AND
comment libxcb-doc is earlier than 0:1.12-1.el7
oval oval:com.redhat.rhsa:tst:20171865037
comment libxcb-doc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436082
AND
comment libXrandr is earlier than 0:1.5.1-2.el7
oval oval:com.redhat.rhsa:tst:20171865039
comment libXrandr is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436022

AND

comment libXrandr-devel is earlier than 0:1.5.1-2.el7
oval oval:com.redhat.rhsa:tst:20171865041
comment libXrandr-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436024

AND
comment libXfixes is earlier than 0:5.0.3-1.el7
oval oval:com.redhat.rhsa:tst:20171865043
comment libXfixes is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436010

AND

comment libXfixes-devel is earlier than 0:5.0.3-1.el7
oval oval:com.redhat.rhsa:tst:20171865045
comment libXfixes-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436012

AND
comment libXi is earlier than 0:1.7.9-1.el7
oval oval:com.redhat.rhsa:tst:20171865047
comment libXi is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436086
AND
comment libXi-devel is earlier than 0:1.7.9-1.el7
oval oval:com.redhat.rhsa:tst:20171865049
comment libXi-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436088
AND
comment libXtst is earlier than 0:1.2.3-1.el7
oval oval:com.redhat.rhsa:tst:20171865051
comment libXtst is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436038
AND
comment libXtst-devel is earlier than 0:1.2.3-1.el7
oval oval:com.redhat.rhsa:tst:20171865053
comment libXtst-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436040
AND
comment libXrender is earlier than 0:0.9.10-1.el7
oval oval:com.redhat.rhsa:tst:20171865055
comment libXrender is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436026

AND

comment libXrender-devel is earlier than 0:0.9.10-1.el7
oval oval:com.redhat.rhsa:tst:20171865057
comment libXrender-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436028

AND
comment libXt is earlier than 0:1.1.5-3.el7
oval oval:com.redhat.rhsa:tst:20171865059
comment libXt is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436034
AND
comment libXt-devel is earlier than 0:1.1.5-3.el7
oval oval:com.redhat.rhsa:tst:20171865061
comment libXt-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436036
AND
comment libXpm is earlier than 0:3.5.12-1.el7
oval oval:com.redhat.rhsa:tst:20171865063
comment libXpm is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865064
AND
comment libXpm-devel is earlier than 0:3.5.12-1.el7
oval oval:com.redhat.rhsa:tst:20171865065
comment libXpm-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865066
AND
comment libXaw is earlier than 0:1.0.13-4.el7
oval oval:com.redhat.rhsa:tst:20171865067
comment libXaw is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865068
AND
comment libXaw-devel is earlier than 0:1.0.13-4.el7
oval oval:com.redhat.rhsa:tst:20171865069
comment libXaw-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865070
AND
comment libXv is earlier than 0:1.0.11-1.el7
oval oval:com.redhat.rhsa:tst:20171865071
comment libXv is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436042
AND
comment libXv-devel is earlier than 0:1.0.11-1.el7
oval oval:com.redhat.rhsa:tst:20171865073
comment libXv-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436044
AND
comment libXvMC is earlier than 0:1.0.10-1.el7
oval oval:com.redhat.rhsa:tst:20171865075
comment libXvMC is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436050
AND
comment libXvMC-devel is earlier than 0:1.0.10-1.el7
oval oval:com.redhat.rhsa:tst:20171865077
comment libXvMC-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436052
AND
comment libXxf86vm is earlier than 0:1.1.4-1.el7
oval oval:com.redhat.rhsa:tst:20171865079
comment libXxf86vm is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436058

AND

comment libXxf86vm-devel is earlier than 0:1.1.4-1.el7
oval oval:com.redhat.rhsa:tst:20171865081
comment libXxf86vm-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436060

AND
comment libxkbfile is earlier than 0:1.0.9-3.el7
oval oval:com.redhat.rhsa:tst:20171865083
comment libxkbfile is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865084

AND

comment libxkbfile-devel is earlier than 0:1.0.9-3.el7
oval oval:com.redhat.rhsa:tst:20171865085
comment libxkbfile-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865086

AND
comment libfontenc is earlier than 0:1.1.3-3.el7
oval oval:com.redhat.rhsa:tst:20171865087
comment libfontenc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865088

AND

comment libfontenc-devel is earlier than 0:1.1.3-3.el7
oval oval:com.redhat.rhsa:tst:20171865089
comment libfontenc-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865090

AND
comment libXfont is earlier than 0:1.5.2-1.el7
oval oval:com.redhat.rhsa:tst:20171865091
comment libXfont is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20111154002

AND

comment libXfont-devel is earlier than 0:1.5.2-1.el7
oval oval:com.redhat.rhsa:tst:20171865093
comment libXfont-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20111154004

AND

comment xkeyboard-config is earlier than 0:2.20-1.el7
oval oval:com.redhat.rhsa:tst:20171865095
comment xkeyboard-config is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436074

AND

comment xkeyboard-config-devel is earlier than 0:2.20-1.el7
oval oval:com.redhat.rhsa:tst:20171865097
comment xkeyboard-config-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436076

AND
comment libvdpau is earlier than 0:1.1.1-3.el7
oval oval:com.redhat.rhsa:tst:20171865099
comment libvdpau is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865100

AND

comment libvdpau-devel is earlier than 0:1.1.1-3.el7
oval oval:com.redhat.rhsa:tst:20171865101
comment libvdpau-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865102

AND
comment libvdpau-docs is earlier than 0:1.1.1-3.el7
oval oval:com.redhat.rhsa:tst:20171865103
comment libvdpau-docs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865104
AND
comment libXcursor is earlier than 0:1.1.14-8.el7
oval oval:com.redhat.rhsa:tst:20171865105
comment libXcursor is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436002

AND

comment libXcursor-devel is earlier than 0:1.1.14-8.el7
oval oval:com.redhat.rhsa:tst:20171865107
comment libXcursor-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436004

AND
comment libwacom is earlier than 0:0.24-1.el7
oval oval:com.redhat.rhsa:tst:20171865109
comment libwacom is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141376048
AND
comment libwacom-data is earlier than 0:0.24-1.el7
oval oval:com.redhat.rhsa:tst:20171865111
comment libwacom-data is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141376050
AND
comment libwacom-devel is earlier than 0:0.24-1.el7
oval oval:com.redhat.rhsa:tst:20171865113
comment libwacom-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141376052
AND
comment libinput is earlier than 0:1.6.3-2.el7
oval oval:com.redhat.rhsa:tst:20171865115
comment libinput is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865116

AND

comment libinput-devel is earlier than 0:1.6.3-2.el7
oval oval:com.redhat.rhsa:tst:20171865117
comment libinput-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865118

AND
comment vulkan is earlier than 0:1.0.39.1-2.el7
oval oval:com.redhat.rhsa:tst:20171865119
comment vulkan is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865120
AND
comment vulkan-devel is earlier than 0:1.0.39.1-2.el7
oval oval:com.redhat.rhsa:tst:20171865121
comment vulkan-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865122

AND

comment vulkan-filesystem is earlier than 0:1.0.39.1-2.el7
oval oval:com.redhat.rhsa:tst:20171865123
comment vulkan-filesystem is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865124

AND

comment mesa-private-llvm is earlier than 0:3.9.1-3.el7
oval oval:com.redhat.rhsa:tst:20171865125
comment mesa-private-llvm is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141376080

AND

comment mesa-private-llvm-devel is earlier than 0:3.9.1-3.el7
oval oval:com.redhat.rhsa:tst:20171865127
comment mesa-private-llvm-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141376082

AND
comment libX11 is earlier than 0:1.6.5-1.el7
oval oval:com.redhat.rhsa:tst:20171865129
comment libX11 is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436062
AND
comment libX11-common is earlier than 0:1.6.5-1.el7
oval oval:com.redhat.rhsa:tst:20171865131
comment libX11-common is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436064
AND
comment libX11-devel is earlier than 0:1.6.5-1.el7
oval oval:com.redhat.rhsa:tst:20171865133
comment libX11-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20141436066
AND
comment libXdmcp is earlier than 0:1.1.2-6.el7
oval oval:com.redhat.rhsa:tst:20171865135
comment libXdmcp is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865136

AND

comment libXdmcp-devel is earlier than 0:1.1.2-6.el7
oval oval:com.redhat.rhsa:tst:20171865137
comment libXdmcp-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865138

AND
comment libICE is earlier than 0:1.0.9-9.el7
oval oval:com.redhat.rhsa:tst:20171865139
comment libICE is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865140
AND
comment libICE-devel is earlier than 0:1.0.9-9.el7
oval oval:com.redhat.rhsa:tst:20171865141
comment libICE-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865142

AND

comment mesa-dri-drivers is earlier than 0:17.0.1-6.20170307.el7
oval oval:com.redhat.rhsa:tst:20171865143
comment mesa-dri-drivers is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141376128

AND

comment mesa-filesystem is earlier than 0:17.0.1-6.20170307.el7
oval oval:com.redhat.rhsa:tst:20171865145
comment mesa-filesystem is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865146

AND

comment mesa-libEGL is earlier than 0:17.0.1-6.20170307.el7
oval oval:com.redhat.rhsa:tst:20171865147
comment mesa-libEGL is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141376132

AND

comment mesa-libEGL-devel is earlier than 0:17.0.1-6.20170307.el7
oval oval:com.redhat.rhsa:tst:20171865149
comment mesa-libEGL-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141376134

AND

comment mesa-libGL is earlier than 0:17.0.1-6.20170307.el7
oval oval:com.redhat.rhsa:tst:20171865151
comment mesa-libGL is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141376136

AND

comment mesa-libGL-devel is earlier than 0:17.0.1-6.20170307.el7
oval oval:com.redhat.rhsa:tst:20171865153
comment mesa-libGL-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141376138

AND

comment mesa-libGLES is earlier than 0:17.0.1-6.20170307.el7
oval oval:com.redhat.rhsa:tst:20171865155
comment mesa-libGLES is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865156

AND

comment mesa-libGLES-devel is earlier than 0:17.0.1-6.20170307.el7
oval oval:com.redhat.rhsa:tst:20171865157
comment mesa-libGLES-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865158

AND

comment mesa-libOSMesa is earlier than 0:17.0.1-6.20170307.el7
oval oval:com.redhat.rhsa:tst:20171865159
comment mesa-libOSMesa is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141376144

AND

comment mesa-libOSMesa-devel is earlier than 0:17.0.1-6.20170307.el7
oval oval:com.redhat.rhsa:tst:20171865161
comment mesa-libOSMesa-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141376146

AND

comment mesa-libgbm is earlier than 0:17.0.1-6.20170307.el7
oval oval:com.redhat.rhsa:tst:20171865163
comment mesa-libgbm is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141376148

AND

comment mesa-libgbm-devel is earlier than 0:17.0.1-6.20170307.el7
oval oval:com.redhat.rhsa:tst:20171865165
comment mesa-libgbm-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhba:tst:20141376150

AND

comment mesa-libglapi is earlier than 0:17.0.1-6.20170307.el7
oval oval:com.redhat.rhsa:tst:20171865167
comment mesa-libglapi is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865168

AND

comment mesa-libxatracker is earlier than 0:17.0.1-6.20170307.el7
oval oval:com.redhat.rhsa:tst:20171865169
comment mesa-libxatracker is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865170

AND

comment mesa-libxatracker-devel is earlier than 0:17.0.1-6.20170307.el7
oval oval:com.redhat.rhsa:tst:20171865171
comment mesa-libxatracker-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865172

AND

comment mesa-vulkan-drivers is earlier than 0:17.0.1-6.20170307.el7
oval oval:com.redhat.rhsa:tst:20171865173
comment mesa-vulkan-drivers is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20171865174

rhsa

id	RHSA-2017:1865
released	2017-08-01
severity	Moderate
title	RHSA-2017:1865: X.org X11 libraries security, bug fix and enhancement update (Moderate)

rpms

drm-utils-0:2.4.74-1.el7
libICE-0:1.0.9-9.el7
libICE-debuginfo-0:1.0.9-9.el7
libICE-devel-0:1.0.9-9.el7
libX11-0:1.6.5-1.el7
libX11-common-0:1.6.5-1.el7
libX11-debuginfo-0:1.6.5-1.el7
libX11-devel-0:1.6.5-1.el7
libXaw-0:1.0.13-4.el7
libXaw-debuginfo-0:1.0.13-4.el7
libXaw-devel-0:1.0.13-4.el7
libXcursor-0:1.1.14-8.el7
libXcursor-debuginfo-0:1.1.14-8.el7
libXcursor-devel-0:1.1.14-8.el7
libXdmcp-0:1.1.2-6.el7
libXdmcp-debuginfo-0:1.1.2-6.el7
libXdmcp-devel-0:1.1.2-6.el7
libXfixes-0:5.0.3-1.el7
libXfixes-debuginfo-0:5.0.3-1.el7
libXfixes-devel-0:5.0.3-1.el7
libXfont-0:1.5.2-1.el7
libXfont-debuginfo-0:1.5.2-1.el7
libXfont-devel-0:1.5.2-1.el7
libXfont2-0:2.0.1-2.el7
libXfont2-debuginfo-0:2.0.1-2.el7
libXfont2-devel-0:2.0.1-2.el7
libXi-0:1.7.9-1.el7
libXi-debuginfo-0:1.7.9-1.el7
libXi-devel-0:1.7.9-1.el7
libXpm-0:3.5.12-1.el7
libXpm-debuginfo-0:3.5.12-1.el7
libXpm-devel-0:3.5.12-1.el7
libXrandr-0:1.5.1-2.el7
libXrandr-debuginfo-0:1.5.1-2.el7
libXrandr-devel-0:1.5.1-2.el7
libXrender-0:0.9.10-1.el7
libXrender-debuginfo-0:0.9.10-1.el7
libXrender-devel-0:0.9.10-1.el7
libXt-0:1.1.5-3.el7
libXt-debuginfo-0:1.1.5-3.el7
libXt-devel-0:1.1.5-3.el7
libXtst-0:1.2.3-1.el7
libXtst-debuginfo-0:1.2.3-1.el7
libXtst-devel-0:1.2.3-1.el7
libXv-0:1.0.11-1.el7
libXv-debuginfo-0:1.0.11-1.el7
libXv-devel-0:1.0.11-1.el7
libXvMC-0:1.0.10-1.el7
libXvMC-debuginfo-0:1.0.10-1.el7
libXvMC-devel-0:1.0.10-1.el7
libXxf86vm-0:1.1.4-1.el7
libXxf86vm-debuginfo-0:1.1.4-1.el7
libXxf86vm-devel-0:1.1.4-1.el7
libdrm-0:2.4.74-1.el7
libdrm-debuginfo-0:2.4.74-1.el7
libdrm-devel-0:2.4.74-1.el7
libepoxy-0:1.3.1-1.el7
libepoxy-debuginfo-0:1.3.1-1.el7
libepoxy-devel-0:1.3.1-1.el7
libevdev-0:1.5.6-1.el7
libevdev-debuginfo-0:1.5.6-1.el7
libevdev-devel-0:1.5.6-1.el7
libevdev-utils-0:1.5.6-1.el7
libfontenc-0:1.1.3-3.el7
libfontenc-debuginfo-0:1.1.3-3.el7
libfontenc-devel-0:1.1.3-3.el7
libinput-0:1.6.3-2.el7
libinput-debuginfo-0:1.6.3-2.el7
libinput-devel-0:1.6.3-2.el7
libvdpau-0:1.1.1-3.el7
libvdpau-debuginfo-0:1.1.1-3.el7
libvdpau-devel-0:1.1.1-3.el7
libvdpau-docs-0:1.1.1-3.el7
libwacom-0:0.24-1.el7
libwacom-data-0:0.24-1.el7
libwacom-debuginfo-0:0.24-1.el7
libwacom-devel-0:0.24-1.el7
libxcb-0:1.12-1.el7
libxcb-debuginfo-0:1.12-1.el7
libxcb-devel-0:1.12-1.el7
libxcb-doc-0:1.12-1.el7
libxkbcommon-0:0.7.1-1.el7
libxkbcommon-debuginfo-0:0.7.1-1.el7
libxkbcommon-devel-0:0.7.1-1.el7
libxkbcommon-x11-0:0.7.1-1.el7
libxkbcommon-x11-devel-0:0.7.1-1.el7
libxkbfile-0:1.0.9-3.el7
libxkbfile-debuginfo-0:1.0.9-3.el7
libxkbfile-devel-0:1.0.9-3.el7
mesa-debuginfo-0:17.0.1-6.20170307.el7
mesa-dri-drivers-0:17.0.1-6.20170307.el7
mesa-filesystem-0:17.0.1-6.20170307.el7
mesa-libEGL-0:17.0.1-6.20170307.el7
mesa-libEGL-devel-0:17.0.1-6.20170307.el7
mesa-libGL-0:17.0.1-6.20170307.el7
mesa-libGL-devel-0:17.0.1-6.20170307.el7
mesa-libGLES-0:17.0.1-6.20170307.el7
mesa-libGLES-devel-0:17.0.1-6.20170307.el7
mesa-libOSMesa-0:17.0.1-6.20170307.el7
mesa-libOSMesa-devel-0:17.0.1-6.20170307.el7
mesa-libgbm-0:17.0.1-6.20170307.el7
mesa-libgbm-devel-0:17.0.1-6.20170307.el7
mesa-libglapi-0:17.0.1-6.20170307.el7
mesa-libxatracker-0:17.0.1-6.20170307.el7
mesa-libxatracker-devel-0:17.0.1-6.20170307.el7
mesa-private-llvm-0:3.9.1-3.el7
mesa-private-llvm-debuginfo-0:3.9.1-3.el7
mesa-private-llvm-devel-0:3.9.1-3.el7
mesa-vulkan-drivers-0:17.0.1-6.20170307.el7
vulkan-0:1.0.39.1-2.el7
vulkan-debuginfo-0:1.0.39.1-2.el7
vulkan-devel-0:1.0.39.1-2.el7
vulkan-filesystem-0:1.0.39.1-2.el7
xcb-proto-0:1.12-2.el7
xkeyboard-config-0:2.20-1.el7
xkeyboard-config-devel-0:2.20-1.el7
xorg-x11-proto-devel-0:7.7-20.el7

refmap via4

bid	96480
confirm	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2626 https://cgit.freedesktop.org/xorg/lib/libICE/commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b
gentoo	GLSA-201704-03
misc	https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
mlist	[debian-lts-announce] 20191123 [SECURITY] [DLA 2002-1] libice security update [oss-security] 20190714 Fwd: [ANNOUNCE] libICE 1.0.10
sectrack	1037919

Last major update

12-02-2023 - 23:29

Published

27-07-2018 - 19:29

Last modified

12-02-2023 - 23:29