Описание
Security update for tigervnc
This update for tigervnc fixes the following issues:
- CVE-2020-26117: Server certificates were stored as certiticate authorities, allowing malicious owners of these certificates to impersonate any server after a client had added an exception (bsc#1176733)
Список пакетов
SUSE Linux Enterprise High Performance Computing 15-ESPOS
libXvnc1-1.8.0-13.14.1
tigervnc-1.8.0-13.14.1
xorg-x11-Xvnc-1.8.0-13.14.1
xorg-x11-Xvnc-novnc-1.8.0-13.14.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
libXvnc1-1.8.0-13.14.1
tigervnc-1.8.0-13.14.1
xorg-x11-Xvnc-1.8.0-13.14.1
xorg-x11-Xvnc-novnc-1.8.0-13.14.1
SUSE Linux Enterprise Server 15-LTSS
libXvnc1-1.8.0-13.14.1
tigervnc-1.8.0-13.14.1
xorg-x11-Xvnc-1.8.0-13.14.1
xorg-x11-Xvnc-novnc-1.8.0-13.14.1
SUSE Linux Enterprise Server for SAP Applications 15
libXvnc1-1.8.0-13.14.1
tigervnc-1.8.0-13.14.1
xorg-x11-Xvnc-1.8.0-13.14.1
xorg-x11-Xvnc-novnc-1.8.0-13.14.1
Ссылки
- Link for SUSE-SU-2020:2882-1
- E-Mail link for SUSE-SU-2020:2882-1
- SUSE Security Ratings
- SUSE Bug 1176733
- SUSE CVE CVE-2020-26117 page
Описание
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libXvnc1-1.8.0-13.14.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:tigervnc-1.8.0-13.14.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:xorg-x11-Xvnc-1.8.0-13.14.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:xorg-x11-Xvnc-novnc-1.8.0-13.14.1
Ссылки
- CVE-2020-26117
- SUSE Bug 1176733