
A libxdmcp security update has been released for Debian GNU/Linux 8 Extended LTS to address an issue where libxdmcp used weak entropy to generate the session keys.

ELA-708-1 libxdmcp security update

Package: libxdmcp
Version: 1:1.1.1-1+deb8u3 (jessie)
Related CVEs: CVE-2017-2625

It was found that libxdmcp 1:1.1.1-1+deb8u1, released as DLA-2006-1, did not properly apply the fix for CVE-2017-2625. That has now been corrected; the description of the issue follows:

libxdmcp, the X11 Display Manager Control Protocol library, used weak entropy to generate the session keys. A local attacker could brute force the keys to connect to another user’s session.

For Debian 8 jessie, these problems have been fixed in version 1:1.1.1-1+deb8u3.

We recommend that you upgrade your libxdmcp packages.

Further information about Extended LTS security advisories can be found at: Debian Extended Long Term Support
