[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] Fwd: [ANNOUNCE] libICE 1.0.10
From: Alan Coopersmith <alan.coopersmith () oracle ! com>
Date: 2019-07-14 17:59:24
Message-ID: d24b7c57-3e3e-1d98-6775-a3c15bd08835 () oracle ! com
[Download RAW message or body]
[Attachment #2 (multipart/mixed)]
[Attachment #4 (multipart/mixed)]
The CVE-2017-2626 issue was already disclosed at:
https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
https://www.openwall.com/lists/oss-security/2017/02/28/3
This just upgrades the fix from a git commit/patch to a released tarball.=
-Alan Coopersmith- alan.coopersmith@oracle.com
X.Org Security Response Team - xorg-security@lists.x.org
["[ANNOUNCE] libICE 1_0_10.eml" (message/rfc822)]
[Attachment #9 (multipart/signed)]
libICE provides the API for the Inter-Client Exchange protocol.
This release provides a fix for CVE-2017-2626 for platforms which don't have
arc4random_buf() in their default libraries but do have getentropy(), such
as Linux platforms with a kernel version of 3.17 or newer and a glibc version
of 2.25 or newer. (libICE 1.0.9 already ensured that arc4random_buf()
is used on platforms that have it to provide sufficient entropy in ICE
key generation, but left other platforms with the weaker methods. Linux
platforms could also have linked against libbsd to use arc4random_buf()
with libICE 1.0.9 for stronger keys.)
Alan Coopersmith (7):
spec: Convert troff \*Q..\*U to DocBook <quote>...</quote>
Remove obsolete B16 & B32 tags in struct definitions
Update README for gitlab migration
Update configure.ac bug URL for gitlab migration
IceOpenConnection: check for malloc failure on connect_to_you too
IceWritePad: always use zero values for pad bytes
libICE 1.0.10
Allison Lortie (2):
authutil: fix an out-of-bounds access
authutil: support $XDG_RUNTIME_DIR/ICEauthority
Benjamin Tissoires (1):
Use getentropy() if arc4random_buf() is not available
Emil Velikov (6):
autogen.sh: use quoted string variables
Kill off Strstr macro
Kill off Time_t macro
Remove unneeded ^L symbols.
Kill off local ICE_t definitions
configure.ac: set TRANS_CLIENT/SERVER
Eric Engestrom (3):
Make sure errorStr is a free-able string
Make sure error_message is a free-able string
Make sure string is never NULL
Jon TURNEY (1):
Include unistd.h for getpid()
Mihail Konev (1):
autogen: add default patch prefix
Olivier Fourdan (3):
IceListenForWellKnownConnections: Fix memleak
_IceRead: Avoid possible use-after-free
cleanup: Separate variable assignment and test
Peter Hutterer (1):
autogen.sh: use exec instead of waiting for configure to finish
Remko van der Vossen (1):
Bug 90616 - libICE build fails on array bounds check
Tobias Stoeckmann (2):
Fix use after free on subsequent calls
Always terminate strncpy results.
walter harms (3):
Drop NULL check prior to free()
make IceProtocolShutdown() more readable
iceauth.c: FIX warning: unused variable 'ret' in 'arc4random_buf'
git tag: libICE-1.0.10
https://xorg.freedesktop.org/archive/individual/lib/libICE-1.0.10.tar.bz2
MD5: 76d77499ee7120a56566891ca2c0dbcf libICE-1.0.10.tar.bz2
SHA1: 5b5eb125d4f43a3ab8153b0f850963ee6c982c24 libICE-1.0.10.tar.bz2
SHA256: 6f86dce12cf4bcaf5c37dddd8b1b64ed2ddf1ef7b218f22b9942595fb747c348 libICE-1.0.10.tar.bz2
SHA512: 2f1ef2c32c833c71894a08fa7e7ed53f301f6c7bd22485d71c12884d8e8b36b99f362ec886349dcc84d08edc81c8b2cea035320831d64974edeba021b433c468 \
libICE-1.0.10.tar.bz2
PGP: https://xorg.freedesktop.org/archive/individual/lib/libICE-1.0.10.tar.bz2.sig
https://xorg.freedesktop.org/archive/individual/lib/libICE-1.0.10.tar.gz
MD5: 25825f4caca2f75b112f287849455f15 libICE-1.0.10.tar.gz
SHA1: b042c56b8a9cb42324c1ee7c8ac43f1bb54cc835 libICE-1.0.10.tar.gz
SHA256: 1116bc64c772fd127a0d0c0ffa2833479905e3d3d8197740b3abd5f292f22d2d libICE-1.0.10.tar.gz
SHA512: 2d4757f7325eb01180b5d7433cc350eb9606bd3afe82dabc8aa164feda75ef03a0624d74786e655c536c24a80d0ccb2f1e3ecbb04d3459b23f85455006ca8a91 \
libICE-1.0.10.tar.gz
PGP: https://xorg.freedesktop.org/archive/individual/lib/libICE-1.0.10.tar.gz.sig
--
-Alan Coopersmith- alan.coopersmith@oracle.com
Oracle Solaris Engineering - https://blogs.oracle.com/alanc
["signature.asc" (application/pgp-signature)]
[Attachment #13 (text/plain)]
_______________________________________________
xorg@lists.x.org: X.Org support
Archives: http://lists.freedesktop.org/archives/xorg
Info: https://lists.x.org/mailman/listinfo/xorg
Your subscription address: %(user_address)s
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic