Wind River Support Network

HomeDefectsLIN10-4398

Fixed

LIN10-4398 : Security Advisory - libxdmcp - CVE-2017-2625

Created: Jul 31, 2018 Updated: Dec 3, 2018

Resolved Date: Aug 9, 2018

Found In Version: 10.17.41.1

Fix Version: 10.17.41.10

Severity: Standard

Applicable for: Wind River Linux LTS 17

Component/s: Userspace

Description

It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.

https://nvd.nist.gov/vuln/detail/CVE-2017-2625

Other Downloads

Wind River Linux LTS 10.17.41.10
Wind River Linux LTS 10.17.41.11
Wind River Linux LTS 10.17.41.12
Wind River Linux LTS 10.17.41.13
Wind River Linux LTS 10.17.41.14
Wind River Linux LTS 10.17.41.15
Wind River Linux LTS 10.17.41.16
Wind River Linux LTS 10.17.41.17
Wind River Linux LTS 10.17.41.18
Wind River Linux LTS 10.17.41.20
Wind River Linux LTS 10.17.41.21
Wind River Linux LTS 10.17.41.22
Wind River Linux LTS 10.17.41.23
Wind River Linux LTS 10.17.41.24
Wind River Linux LTS 10.17.41.25
Wind River Linux LTS 10.17.41.26
Wind River Linux LTS 10.17.41.27

CVEs

CVE-2017-2625