Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 502
Alerts This Week
Warning Icon 1 502

Ubuntu 18.04 LTS USN-5744-1 Critical: LibICE Session Cookies Issue

ubuntu
Calendar Grey November 28, 2022
Dist Ubuntu Esm H88
Insecure session tokens in libICE could reveal confidential data. Ensure your Ubuntu systems are updated to enhance security.
Weak session cookies generated using libICE could allow sensitive information to be exposed.

Summary

Weak session cookies generated using libICE could allow sensitive

information to be exposed.

Software Description:

- libice: X11 Inter-Client Exchange library (development headers)

Details:

It was discovered that libICE was using a weak mechanism to generate the

session cookies. A local attacker could possibly use this issue to perform

a privilege escalation attack.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  libice-dev                      2:1.0.9-2ubuntu0.18.04.1
  libice6                         2:1.0.9-2ubuntu0.18.04.1

Ubuntu 16.04 ESM:
  libice-dev                      2:1.0.9-1ubuntu0.16.04.1+esm1
  libice6                         2:1.0.9-1ubuntu0.16.04.1+esm1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-5744-1

CVE-2017-2626

Severity
critical
Lowest
Low
Medium
High
Critical

November 28, 2022

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.