diff options
author | Niclas Zeising <zeising@FreeBSD.org> | 2019-03-22 04:08:55 +0000 |
---|---|---|
committer | Niclas Zeising <zeising@FreeBSD.org> | 2019-03-22 04:08:55 +0000 |
commit | 9014201185ecfd1a39da312fee20f68e556eabc4 (patch) | |
tree | 8be00ad5179848a99da590d3d7da00d2808c4906 /security | |
parent | e365f55ff8ddb5639fb69ee88a569942856bc9dd (diff) | |
download | ports-9014201185ecfd1a39da312fee20f68e556eabc4.tar.gz ports-9014201185ecfd1a39da312fee20f68e556eabc4.zip |
Notes
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 6d4957094a92..7f30d5b1ef3c 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -132,8 +132,9 @@ Notes: <body xmlns="http://www.w3.org/1999/xhtml"> <p>The freedesktop and x.org project reports:</p> <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-2625"> - <p>It was discovered that libXdmcp before 1.1.3 including used weak - entropy to generate session keys. On a multi-user system using + <p>It was discovered that libXdmcp before 1.1.3 used weak + entropy to generate session keys on platforms without + arc4random_buf() but with getentropy(). On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.</p> @@ -150,6 +151,7 @@ Notes: <dates> <discovery>2017-04-04</discovery> <entry>2019-03-21</entry> + <modified>2019-03-22</modified> </dates> </vuln> |