| Package | libice |
|---|---|
| Version | 2:1.0.8-2+deb7u1 |
| Related CVEs | CVE-2017-2626 |
It has been found, that libice, an X11 Inter-Client Exchange library, uses weak entropy to generate keys. Using arc4random_buf() from libbsd should avoid this flaw.
For Debian 7 Wheezy, these problems have been fixed in version 2:1.0.8-2+deb7u1.
We recommend that you upgrade your libice packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.