SUSE-SU-2020:2882-1

Опубликовано: 09 окт. 2020

Источник: suse-cvrf

Описание

Security update for tigervnc

This update for tigervnc fixes the following issues:

CVE-2020-26117: Server certificates were stored as certiticate authorities, allowing malicious owners of these certificates to impersonate any server after a client had added an exception (bsc#1176733)

Список пакетов

Image SLES15-SAP-Azure

libXvnc1-1.8.0-13.14.1

xorg-x11-Xvnc-1.8.0-13.14.1

Image SLES15-SAP-Azure-BYOS

libXvnc1-1.8.0-13.14.1

xorg-x11-Xvnc-1.8.0-13.14.1

Image SLES15-SAP-Azure-LI-BYOS-Production

libXvnc1-1.8.0-13.14.1

xorg-x11-Xvnc-1.8.0-13.14.1

Image SLES15-SAP-Azure-VLI-BYOS-Production

libXvnc1-1.8.0-13.14.1

xorg-x11-Xvnc-1.8.0-13.14.1

Image SLES15-SAP-EC2-HVM

libXvnc1-1.8.0-13.14.1

xorg-x11-Xvnc-1.8.0-13.14.1

Image SLES15-SAP-EC2-HVM-BYOS

libXvnc1-1.8.0-13.14.1

xorg-x11-Xvnc-1.8.0-13.14.1

Image SLES15-SAP-GCE

libXvnc1-1.8.0-13.14.1

xorg-x11-Xvnc-1.8.0-13.14.1

Image SLES15-SAP-GCE-BYOS

libXvnc1-1.8.0-13.14.1

xorg-x11-Xvnc-1.8.0-13.14.1

Image SLES15-SAP-OCI-BYOS

libXvnc1-1.8.0-13.14.1

xorg-x11-Xvnc-1.8.0-13.14.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS

libXvnc1-1.8.0-13.14.1

tigervnc-1.8.0-13.14.1

xorg-x11-Xvnc-1.8.0-13.14.1

xorg-x11-Xvnc-novnc-1.8.0-13.14.1

SUSE Linux Enterprise High Performance Computing 15-LTSS

libXvnc1-1.8.0-13.14.1

tigervnc-1.8.0-13.14.1

xorg-x11-Xvnc-1.8.0-13.14.1

xorg-x11-Xvnc-novnc-1.8.0-13.14.1

SUSE Linux Enterprise Server 15-LTSS

libXvnc1-1.8.0-13.14.1

tigervnc-1.8.0-13.14.1

xorg-x11-Xvnc-1.8.0-13.14.1

xorg-x11-Xvnc-novnc-1.8.0-13.14.1

SUSE Linux Enterprise Server for SAP Applications 15

libXvnc1-1.8.0-13.14.1

tigervnc-1.8.0-13.14.1

xorg-x11-Xvnc-1.8.0-13.14.1

xorg-x11-Xvnc-novnc-1.8.0-13.14.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20202882-1/
Link for SUSE-SU-2020:2882-1
https://lists.suse.com/pipermail/sle-security-updates/2020-October/007536.html
E-Mail link for SUSE-SU-2020:2882-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1176733
SUSE Bug 1176733
https://www.suse.com/security/cve/CVE-2020-26117/
SUSE CVE CVE-2020-26117 page

Описание

In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.

Затронутые продукты

Image SLES15-SAP-Azure-BYOS:libXvnc1-1.8.0-13.14.1

Image SLES15-SAP-Azure-BYOS:xorg-x11-Xvnc-1.8.0-13.14.1

Image SLES15-SAP-Azure-LI-BYOS-Production:libXvnc1-1.8.0-13.14.1

Image SLES15-SAP-Azure-LI-BYOS-Production:xorg-x11-Xvnc-1.8.0-13.14.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-26117.html
CVE-2020-26117
https://bugzilla.suse.com/1176733
SUSE Bug 1176733

SUSE-SU-2020:2882-1

Описание

Список пакетов

Image SLES15-SAP-Azure

Image SLES15-SAP-Azure-BYOS

Image SLES15-SAP-Azure-LI-BYOS-Production

Image SLES15-SAP-Azure-VLI-BYOS-Production

Image SLES15-SAP-EC2-HVM

Image SLES15-SAP-EC2-HVM-BYOS

Image SLES15-SAP-GCE

Image SLES15-SAP-GCE-BYOS

Image SLES15-SAP-OCI-BYOS

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Server for SAP Applications 15

Ссылки

Уязвимость: CVE-2020-26117

Описание

Затронутые продукты

Ссылки