author zeising <zeising@FreeBSD.org> 2019-03-22 12:08:55 +0800
committer zeising <zeising@FreeBSD.org> 2019-03-22 12:08:55 +0800
commit ee81885cf13763e52e9f9357dcc291e62b61682c
tree 8be00ad5179848a99da590d3d7da00d2808c4906 /security
parent 5768c6c71e6050bbdfe03ee12c44a8f511b2a113
Update the libXdmcp entry to make it clearer.
Diffstat (limited to 'security')
-rw-r--r-- security/vuxml/vuln.xml | 6
1 file changed, 4 insertions, 2 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 6d4957094a92..7f30d5b1ef3c 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -132,8 +132,9 @@ Notes:
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The freedesktop and x.org project reports:</p>
<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-2625">
- <p>It was discovered that libXdmcp before 1.1.3 including used weak
- entropy to generate session keys. On a multi-user system using
+ <p>It was discovered that libXdmcp before 1.1.3 used weak
+ entropy to generate session keys on platforms without
+ arc4random_buf() but with getentropy(). On a multi-user system using
xdmcp, a local attacker could potentially use information available
from the process list to brute force the key, allowing them to
hijack other users' sessions.</p>
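Review bot: The platform qualifier added in the new sentence ("on platforms without arc4random_buf() but with getentropy()") sits inside the blockquote whose cite attribute points at the NVD page for CVE-2017-2625, so it now reads as the cited source's wording rather than a clarification made in this entry. Consider leaving the quoted text as the source states it and putting the qualifier in its own paragraph outside the blockquote. The phrase is also ambiguous about the role of getentropy(): it does not say whether having getentropy() is a condition for being affected or is what the fixed version relies on. A sentence stating which platforms are affected and why would settle that.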
@@ -150,6 +151,7 @@ Notes:
<dates>
<discovery>2017-04-04</discovery>
<entry>2019-03-21</entry>
+ <modified>2019-03-22</modified>
</dates>
</vuln>