Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2017-2626

Published: 27 July 2018

It was discovered that libICE before 1.0.9-8 used a weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking using the information available from the process list.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
libice
Launchpad, Ubuntu, Debian
artful Not vulnerable
(2:1.0.9-2)
bionic
Released (2:1.0.9-2ubuntu0.18.04.1)
cosmic Not vulnerable
(2:1.0.9-2)
disco Not vulnerable
(2:1.0.9-2)
eoan Not vulnerable
(2:1.0.9-2)
focal Not vulnerable
(2:1.0.9-2)
groovy Not vulnerable
(2:1.0.9-2)
hirsute Not vulnerable
(2:1.0.9-2)
impish Not vulnerable
(2:1.0.9-2)
jammy Not vulnerable
(2:1.0.9-2)
kinetic Not vulnerable
(2:1.0.9-2)
precise Does not exist
(precise was needed)
trusty Does not exist
(trusty was needed)
upstream
Released (2:1.0.9-2)
xenial
Released (2:1.0.9-1ubuntu0.16.04.1+esm1)
yakkety Ignored
(reached end-of-life)
zesty Ignored
(reached end-of-life)
Patches:
upstream: https://cgit.freedesktop.org/xorg/lib/libICE/commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b