{"id":"UBUNTU-CVE-2017-2626","details":"It was discovered that libICE before 1.0.9-8 used weak entropy to generate keys. A local attacker could potentially use this flaw for session hijacking, using the information available from the process list.","modified":"2026-01-30T01:59:50.489577Z","published":"2018-07-27T19:29:00Z","related":["USN-5744-1"],"upstream":["CVE-2017-2626"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-2626"},{"type":"REPORT","url":"https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"},{"type":"REPORT","url":"http://openwall.com/lists/oss-security/2017/03/01/1"},{"type":"REPORT","url":"https://cgit.freedesktop.org/xorg/lib/libICE/commit/?id=ff5e59f32255913bb1cdf51441b98c9107ae165b"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-5744-1"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2017-2626"}],"affected":[{"package":{"name":"libice","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/libice@2:1.0.9-1ubuntu0.16.04.1+esm1?arch=source&distro=esm-infra/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:1.0.9-1ubuntu0.16.04.1+esm1"}]}],"versions":["2:1.0.9-1"],"ecosystem_specific":{"binaries":[{"binary_name":"libice-dev","binary_version":"2:1.0.9-1ubuntu0.16.04.1+esm1"},{"binary_name":"libice6","binary_version":"2:1.0.9-1ubuntu0.16.04.1+esm1"}],"availability":"Available with Ubuntu Pro (Infra-only): 
https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-2626.json"}},{"package":{"name":"libice","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/libice@2:1.0.9-2ubuntu0.18.04.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:1.0.9-2ubuntu0.18.04.1"}]}],"versions":["2:1.0.9-2"],"ecosystem_specific":{"binaries":[{"binary_name":"libice-dev","binary_version":"2:1.0.9-2ubuntu0.18.04.1"},{"binary_name":"libice6","binary_version":"2:1.0.9-2ubuntu0.18.04.1"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-2626.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:L"},{"type":"Ubuntu","score":"low"}]}