George Lebl

#23208 of 53,633
10 CVSS total
Vulnerabilities · 1
PT-2003-1088
10
2003-08-11
Red Hat · Red Hat · CVE-2003-0692
**Name of the Vulnerable Software and Affected Versions**

- XFree86-base-fonts versions 4.3.0
- XFree86 versions 4.3.0
- kdebase-devel versions 3.0.5a
- XFree86-sdk versions 4.3.0
- XFree86-100dpi-fonts versions 4.3.0
- kdebase versions 3.0.5a, 2.2.2
- XFree86-twm versions 4.3.0
- XFree86-ISO8859-2-100dpi-fonts versions 4.3.0
- XFree86-75dpi-fonts versions 4.3.0
- XFree86-ISO8859-9-100dpi-fonts versions 4.3.0
- XFree86-devel versions 4.3.0
- XFree86-truetype-fonts versions 4.3.0
- XFree86-Mesa-libGLU versions 4.3.0
- XFree86-Xvfb versions 4.3.0
- XFree86-syriac-fonts versions 4.3.0
- XFree86-Mesa-libGL versions 4.3.0
- XFree86-ISO8859-14-100dpi-fonts versions 4.3.0
- XFree86-ISO8859-14-75dpi-fonts versions 4.3.0
- XFree86-ISO8859-9-75dpi-fonts versions 4.3.0
- XFree86-ISO8859-15-75dpi-fonts versions 4.3.0
- XFree86-xdm versions 4.3.0
- XFree86-tools versions 4.3.0
- XFree86-doc versions 4.3.0
- XFree86-ISO8859-15-100dpi-fonts versions 4.3.0
- XFree86-libs versions 4.3.0
- XFree86-Xnest versions 4.3.0
- XFree86-xfs versions 4.3.0
- XFree86-xauth versions 4.3.0
- XFree86-libs-data versions 4.3.0
- XFree86-ISO8859-2-75dpi-fonts versions 4.3.0
- XFree86-cyrillic-fonts versions 4.3.0
- kdebase-devel versions 2.2.2
- XFree86-font-utils versions 4.3.0

**Description**

The issue affects multiple packages of the Red Hat Linux operating system, including XFree86 and KDE components. Exploitation of these vulnerabilities can lead to a breach of confidentiality, integrity, and availability of protected information. The vulnerabilities can be exploited remotely. In the case of KDM in KDE 3.1.3 and earlier, a weak session cookie generation algorithm is used, which does not provide 128 bits of entropy, allowing attackers to guess session cookies via brute force methods and gain access to the user session.

**Recommendations**

- For XFree86-base-fonts version 4.3.0, update to a newer version.
- For XFree86 version 4.3.0, update to a newer version.
- For kdebase-devel version 3.0.5a, update to a newer version.
- For XFree86-sdk version 4.3.0, update to a newer version.
- For XFree86-100dpi-fonts version 4.3.0, update to a newer version.
- For kdebase versions 3.0.5a and 2.2.2, update to a newer version.
- For XFree86-twm version 4.3.0, update to a newer version.
- For XFree86-ISO8859-2-100dpi-fonts version 4.3.0, update to a newer version.
- For XFree86-75dpi-fonts version 4.3.0, update to a newer version.
- For XFree86-ISO8859-9-100dpi-fonts version 4.3.0, update to a newer version.
- For XFree86-devel version 4.3.0, update to a newer version.
- For XFree86-truetype-fonts version 4.3.0, update to a newer version.
- For XFree86-Mesa-libGLU version 4.3.0, update to a newer version.
- For XFree86-Xvfb version 4.3.0, update to a newer version.
- For XFree86-syriac-fonts version 4.3.0, update to a newer version.
- For XFree86-Mesa-libGL version 4.3.0, update to a newer version.
- For XFree86-ISO8859-14-100dpi-fonts version 4.3.0, update to a newer version.
- For XFree86-ISO8859-14-75dpi-fonts version 4.3.0, update to a newer version.
- For XFree86-ISO8859-9-75dpi-fonts version 4.3.0, update to a newer version.
- For XFree86-ISO8859-15-75dpi-fonts version 4.3.0, update to a newer version.
- For XFree86-xdm version 4.3.0, update to a newer version.
- For XFree86-tools version 4.3.0, update to a newer version.
- For XFree86-doc version 4.3.0, update to a newer version.
- For XFree86-ISO8859-15-100dpi-fonts version 4.3.0, update to a newer version.
- For XFree86-libs version 4.3.0, update to a newer version.
- For XFree86-Xnest version 4.3.0, update to a newer version.
- For XFree86-xfs version 4.3.0, update to a newer version.
- For XFree86-xauth version 4.3.0, update to a newer version.
- For XFree86-libs-data version 4.3.0, update to a newer version.
- For XFree86-ISO8859-2-75dpi-fonts version 4.3.0, update to a newer version.
- For XFree86-cyrillic-fonts version 4.3.0, update to a newer version.
- For kdebase-devel version 2.2.2, update to a newer version.
- For XFree86-font-utils version 4.3.0, update to a newer version.

As a temporary workaround, consider disabling the weak session cookie generation algorithm in KDM until a patch is available.