ELA-708-1 libxdmcp security update

use of weak entropy

2022-10-19
Package: libxdmcp
Version: 1:1.1.1-1+deb8u3 (jessie)
Related CVEs: CVE-2017-2625


It was found that libxdmcp 1:1.1.1-1+deb8u1, released as DLA-2006-1, did not properly apply the fix for CVE-2017-2625. That has now been corrected. The description of that issue follows:

libxdmcp, the X11 Display Manager Control Protocol library, used weak entropy to generate the session keys. A local attacker could brute force the keys to connect to another user’s session.



For Debian 8 jessie, these problems have been fixed in version 1:1.1.1-1+deb8u3.

We recommend that you upgrade your libxdmcp packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.