SUSE-SU-2020:2880-1

Опубликовано: 09 окт. 2020

Источник: suse-cvrf

Описание

Security update for tigervnc

This update for tigervnc fixes the following issues:

CVE-2020-26117: Server certificates were stored as certiticate authorities, allowing malicious owners of these certificates to impersonate any server after a client had added an exception (bsc#1176733)

Список пакетов

Image SLES15-SP1-SAP-Azure

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP1-SAP-Azure-BYOS

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP1-SAP-EC2-HVM

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP1-SAP-EC2-HVM-BYOS

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP1-SAP-GCE

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP1-SAP-GCE-BYOS

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP1-SAP-OCI-BYOS

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP1-SAPCAL-Azure

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP1-SAPCAL-EC2-HVM

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP1-SAPCAL-GCE

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP2-SAP-Azure

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP2-SAP-BYOS-Azure

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP2-SAP-BYOS-GCE

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP2-SAP-EC2-HVM

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP2-SAP-GCE

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP3-EC2-HVM

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP3-SAP-Azure

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP3-SAP-BYOS-Azure

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP3-SAP-BYOS-GCE

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP3-SAP-EC2-HVM

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP3-SAP-GCE

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP3-SAPCAL-Azure

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP3-SAPCAL-EC2-HVM

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP3-SAPCAL-GCE

libXvnc1-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

SUSE Linux Enterprise Module for Basesystem 15 SP1

libXvnc1-1.9.0-19.9.1

tigervnc-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

xorg-x11-Xvnc-module-1.9.0-19.9.1

xorg-x11-Xvnc-novnc-1.9.0-19.9.1

SUSE Linux Enterprise Module for Basesystem 15 SP2

libXvnc1-1.9.0-19.9.1

tigervnc-1.9.0-19.9.1

xorg-x11-Xvnc-1.9.0-19.9.1

xorg-x11-Xvnc-module-1.9.0-19.9.1

xorg-x11-Xvnc-novnc-1.9.0-19.9.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP1

libXvnc-devel-1.9.0-19.9.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP2

libXvnc-devel-1.9.0-19.9.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20202880-1/
Link for SUSE-SU-2020:2880-1
https://lists.suse.com/pipermail/sle-security-updates/2020-October/007537.html
E-Mail link for SUSE-SU-2020:2880-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1176733
SUSE Bug 1176733
https://www.suse.com/security/cve/CVE-2020-26117/
SUSE CVE CVE-2020-26117 page

Описание

In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.

Затронутые продукты

Image SLES15-SP1-SAP-Azure-BYOS:libXvnc1-1.9.0-19.9.1

Image SLES15-SP1-SAP-Azure-BYOS:xorg-x11-Xvnc-1.9.0-19.9.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:libXvnc1-1.9.0-19.9.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:xorg-x11-Xvnc-1.9.0-19.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-26117.html
CVE-2020-26117
https://bugzilla.suse.com/1176733
SUSE Bug 1176733

SUSE-SU-2020:2880-1

Описание

Список пакетов

Image SLES15-SP1-SAP-Azure

Image SLES15-SP1-SAP-Azure-BYOS

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP1-SAP-EC2-HVM

Image SLES15-SP1-SAP-EC2-HVM-BYOS

Image SLES15-SP1-SAP-GCE

Image SLES15-SP1-SAP-GCE-BYOS

Image SLES15-SP1-SAP-OCI-BYOS

Image SLES15-SP1-SAPCAL-Azure

Image SLES15-SP1-SAPCAL-EC2-HVM

Image SLES15-SP1-SAPCAL-GCE

Image SLES15-SP2-SAP-Azure

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP2-SAP-BYOS-Azure

Image SLES15-SP2-SAP-BYOS-EC2-HVM

Image SLES15-SP2-SAP-BYOS-GCE

Image SLES15-SP2-SAP-EC2-HVM

Image SLES15-SP2-SAP-GCE

Image SLES15-SP3-EC2-HVM

Image SLES15-SP3-SAP-Azure

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP3-SAP-BYOS-Azure

Image SLES15-SP3-SAP-BYOS-EC2-HVM

Image SLES15-SP3-SAP-BYOS-GCE

Image SLES15-SP3-SAP-EC2-HVM

Image SLES15-SP3-SAP-GCE

Image SLES15-SP3-SAPCAL-Azure

Image SLES15-SP3-SAPCAL-EC2-HVM

Image SLES15-SP3-SAPCAL-GCE

SUSE Linux Enterprise Module for Basesystem 15 SP1

SUSE Linux Enterprise Module for Basesystem 15 SP2

SUSE Linux Enterprise Module for Desktop Applications 15 SP1

SUSE Linux Enterprise Module for Desktop Applications 15 SP2

Ссылки

Уязвимость: CVE-2020-26117

Описание

Затронутые продукты

Ссылки