[SECURITY] [DLA 2002-1] libice security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2002-1] libice security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sat, 23 Nov 2019 20:04:18 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.20.1911232003230.26947@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libice
Version        : 2:1.0.9-1+deb8u1
CVE ID         : CVE-2017-2626


It has been found, that libice, an X11 Inter-Client Exchange library,
uses weak entropy to generate keys.

Using arc4random_buf() from libbsd should avoid this flaw.


For Debian 8 "Jessie", this problem has been fixed in version
2:1.0.9-1+deb8u1.

We recommend that you upgrade your libice packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl3ZgrNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEd4VA//YheCcSA/+bFgSvOmJU9FLu8L1UY4Y0Va7A1mOFFkTyIlx+PnQ2IfZB9N
ZdZmxZVFUW+rptVewuhKNHnE/0A169aFxwpQLPn4JkkR438fuWBB9Nq9q/OIfWEk
5tPB+z5QhcrPNuMUwQbnizTzK/XkBvimvFrI+0mfSoHmMSGUJOrHMjRibYX5IRrP
OyZxkmdKLqzG/t3lpSM9lBo0aeKn2Wr373TS/wTrzRmErUrV4T9EoP5y7/njBPLx
n9l9unM0Noj74ngZ7l3r96VHnolTM2z+4trDuiaFxPidyzp1Cw5ko33z+5zHxrBF
5J5O35Jjhi+9/GeCN47jnPWeBllI4srQix/QVwTMRjLcow/2xrR7whBDTz9KRbJ+
un32zndAhjwpGb+SA06/ZHgE5Ss8xiQEVRsQYYayhF46zmO27/pGC5BU6BeeO69X
fR/y2Ew7LB/K0szhjasBUIhUtgjC0IqoFi9b02L7hl4ctm6xS8buSAe6HCH1n/zM
pgBHazvm7etGSCDraV4CSNujpn2nH2lI5gIcC+qku1/MEQQ3n7ikmzn0/yor5BOy
O7IMI0arJT3J11WIVuYCmjdAPVMnWLDJeEkrgDiHgU26JUDMrOpdWx6A/eNUHYqr
HVY1nTgtVAbkR1FGcG4wg5sdWlL+zjrXDZuxSFVUBbjWpM6OTGY=
=3/0/
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2001-1] libofx security update
Next by Date: [SECURITY] [DLA 2003-1] isc-dhcp security update
Previous by thread: [SECURITY] [DLA 2001-1] libofx security update
Next by thread: [SECURITY] [DLA 2003-1] isc-dhcp security update
Index(es):
- Date
- Thread