FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 05:42:14 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
1b6a10e9-4b7b-11e9-9e89-54e1ad3d6335	libXdmcp -- insufficient entropy generating session keys The freedesktop and x.org project reports: It was discovered that libXdmcp before 1.1.3 used weak entropy to generate session keys on platforms without arc4random_buf() but with getentropy(). On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions. Please note, that since FreeBSD provides arc4random_buf(), it is unknown if FreeBSD is affected by this vulnerability Discovery 2017-04-04 Entry 2019-03-21 Modified 2019-03-22 libXdmcp < 1.1.3 https://nvd.nist.gov/vuln/detail/CVE-2017-2625 https://lists.x.org/archives/xorg-announce/2019-March/002974.html CVE-2017-2625

VuXML ID

Description

1b6a10e9-4b7b-11e9-9e89-54e1ad3d6335

libXdmcp -- insufficient entropy generating session keys

The freedesktop and x.org project reports:

It was discovered that libXdmcp before 1.1.3 used weak entropy to generate session keys on platforms without arc4random_buf() but with getentropy(). On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions.

Please note, that since FreeBSD provides arc4random_buf(), it is unknown if FreeBSD is affected by this vulnerability

Discovery 2017-04-04
Entry 2019-03-21
Modified 2019-03-22
libXdmcp

< 1.1.3

https://nvd.nist.gov/vuln/detail/CVE-2017-2625
https://lists.x.org/archives/xorg-announce/2019-March/002974.html
CVE-2017-2625