Описание
Moderate: tigervnc security, bug fix, and enhancement update
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
The following packages have been upgraded to a later upstream version: tigervnc (1.11.0). (BZ#1880985)
Security Fix(es):
- tigervnc: certificate exceptions stored as authorities (CVE-2020-26117)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.
Затронутые продукты
Rocky Linux 8
Связанные CVE
Исправления
- Red Hat - 1841537
- Red Hat - 1853608
- Red Hat - 1880985
- Red Hat - 1882841
- Red Hat - 1883415
- Red Hat - 1897498
- Red Hat - 1897504
Связанные уязвимости
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1 ...
