{"id":"MGASA-2017-0330","summary":"Updated libxdmcp packages fix security vulnerability","details":"XDM uses weak entropy to generate the session keys on non BSD systems.\nOn multi user systems it might possible to check the PID of the process\nand how long it is running to get an estimate of these values, which\ncould allow an attacker to attach to the session of a different user\n(CVE-2017-2625).\n","modified":"2026-01-30T16:55:20.847782Z","published":"2017-09-07T09:07:16Z","related":["CVE-2017-2625"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0330.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20377"},{"type":"REPORT","url":"https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"}],"affected":[{"package":{"name":"libxdmcp","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/libxdmcp?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.1-7.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0330.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}