Description
Security update for tigervnc
This update for tigervnc fixes the following issues:
- CVE-2020-26117: Server certificates were stored as certificate authorities, allowing malicious owners of these certificates to impersonate any server after a client had added an exception (bsc#1176733)
Package list
Image SLES12-SP4-SAP-Azure
libXvnc1-1.6.0-22.17.1
xorg-x11-Xvnc-1.6.0-22.17.1
Image SLES12-SP4-SAP-Azure-BYOS
libXvnc1-1.6.0-22.17.1
xorg-x11-Xvnc-1.6.0-22.17.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
libXvnc1-1.6.0-22.17.1
xorg-x11-Xvnc-1.6.0-22.17.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
libXvnc1-1.6.0-22.17.1
xorg-x11-Xvnc-1.6.0-22.17.1
Image SLES12-SP4-SAP-EC2-HVM
libXvnc1-1.6.0-22.17.1
xorg-x11-Xvnc-1.6.0-22.17.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
libXvnc1-1.6.0-22.17.1
xorg-x11-Xvnc-1.6.0-22.17.1
Image SLES12-SP4-SAP-GCE
libXvnc1-1.6.0-22.17.1
xorg-x11-Xvnc-1.6.0-22.17.1
Image SLES12-SP4-SAP-GCE-BYOS
libXvnc1-1.6.0-22.17.1
xorg-x11-Xvnc-1.6.0-22.17.1
Image SLES12-SP4-SAP-OCI-BYOS
libXvnc1-1.6.0-22.17.1
xorg-x11-Xvnc-1.6.0-22.17.1
Image SLES12-SP5-Azure-SAP-BYOS
libXvnc1-1.6.0-22.17.1
xorg-x11-Xvnc-1.6.0-22.17.1
Image SLES12-SP5-Azure-SAP-On-Demand
libXvnc1-1.6.0-22.17.1
xorg-x11-Xvnc-1.6.0-22.17.1
Image SLES12-SP5-EC2-SAP-BYOS
libXvnc1-1.6.0-22.17.1
xorg-x11-Xvnc-1.6.0-22.17.1
Image SLES12-SP5-EC2-SAP-On-Demand
libXvnc1-1.6.0-22.17.1
xorg-x11-Xvnc-1.6.0-22.17.1
Image SLES12-SP5-GCE-SAP-BYOS
libXvnc1-1.6.0-22.17.1
xorg-x11-Xvnc-1.6.0-22.17.1
Image SLES12-SP5-GCE-SAP-On-Demand
libXvnc1-1.6.0-22.17.1
xorg-x11-Xvnc-1.6.0-22.17.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
libXvnc1-1.6.0-22.17.1
xorg-x11-Xvnc-1.6.0-22.17.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libXvnc1-1.6.0-22.17.1
xorg-x11-Xvnc-1.6.0-22.17.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libXvnc1-1.6.0-22.17.1
xorg-x11-Xvnc-1.6.0-22.17.1
SUSE Linux Enterprise Server 12 SP4-LTSS
libXvnc1-1.6.0-22.17.1
tigervnc-1.6.0-22.17.1
xorg-x11-Xvnc-1.6.0-22.17.1
SUSE Linux Enterprise Server 12 SP5
libXvnc1-1.6.0-22.17.1
tigervnc-1.6.0-22.17.1
xorg-x11-Xvnc-1.6.0-22.17.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libXvnc1-1.6.0-22.17.1
tigervnc-1.6.0-22.17.1
xorg-x11-Xvnc-1.6.0-22.17.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libXvnc1-1.6.0-22.17.1
tigervnc-1.6.0-22.17.1
xorg-x11-Xvnc-1.6.0-22.17.1
SUSE OpenStack Cloud 9
libXvnc1-1.6.0-22.17.1
tigervnc-1.6.0-22.17.1
xorg-x11-Xvnc-1.6.0-22.17.1
SUSE OpenStack Cloud Crowbar 9
libXvnc1-1.6.0-22.17.1
tigervnc-1.6.0-22.17.1
xorg-x11-Xvnc-1.6.0-22.17.1
References
- Link for SUSE-SU-2020:2881-1
- E-Mail link for SUSE-SU-2020:2881-1
- SUSE Security Ratings
- SUSE Bug 1176733
- SUSE CVE CVE-2020-26117 page
Description
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.
Affected products
Image SLES12-SP4-SAP-Azure-BYOS:libXvnc1-1.6.0-22.17.1
Image SLES12-SP4-SAP-Azure-BYOS:xorg-x11-Xvnc-1.6.0-22.17.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libXvnc1-1.6.0-22.17.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:xorg-x11-Xvnc-1.6.0-22.17.1
References
- CVE-2020-26117
- SUSE Bug 1176733