ELSA-2021-1783

Опубликовано: 25 мая 2021

Источник: oracle-oval

Платформа: Oracle Linux 8

Описание

ELSA-2021-1783: tigervnc security, bug fix, and enhancement update (MODERATE)

[1.11.0-6]

Use GNOME as default session Resolves: bz#1853608

[1.11.0-5]

Make sure we log properly output to journal (actually log to syslog) Resolves: bz#1841537

[1.11.0-4]

Make sure we log properly output to journal Resolves: bz#1841537

[1.11.0-3]

vncserver: ignore new 'session' parameter from the new systemd support Resolves: bz#1897504

[1.11.0-2]

Revert removal of vncserver Resolves: bz#1897504
Correctly start vncsession as a daemon Resolves: bz#1897498

[1.11.0-1]

Update to 1.11.0 Resolves: bz#1880985
Backport fix to allow Tigervnc use boolean values in config files Resolves: bz#1883415

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

tigervnc

1.11.0-6.el8

tigervnc-icons

1.11.0-6.el8

tigervnc-license

1.11.0-6.el8

tigervnc-selinux

1.11.0-6.el8

tigervnc-server

1.11.0-6.el8

tigervnc-server-minimal

1.11.0-6.el8

tigervnc-server-module

1.11.0-6.el8

Oracle Linux x86_64

tigervnc

1.11.0-6.el8

tigervnc-icons

1.11.0-6.el8

tigervnc-license

1.11.0-6.el8

tigervnc-selinux

1.11.0-6.el8

tigervnc-server

1.11.0-6.el8

tigervnc-server-minimal

1.11.0-6.el8

tigervnc-server-module

1.11.0-6.el8

Связанные CVE

CVE-2020-26117

Ссылки на источники

Связанные уязвимости

CVE-2020-26117

CVSS3: 8.1

ubuntu

больше 5 лет назад

In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.