Описание
Security update for tigervnc
This update for tigervnc fixes the following issues:
- CVE-2020-26117: Server certificates were stored as certiticate authorities, allowing malicious owners of these certificates to impersonate any server after a client had added an exception (bsc#1176733).
Список пакетов
HPE Helion OpenStack 8
libXvnc1-1.6.0-27.1
tigervnc-1.6.0-27.1
xorg-x11-Xvnc-1.6.0-27.1
SUSE Enterprise Storage 5
libXvnc1-1.6.0-27.1
tigervnc-1.6.0-27.1
xorg-x11-Xvnc-1.6.0-27.1
SUSE Linux Enterprise Server 12 SP2-BCL
libXvnc1-1.6.0-27.1
tigervnc-1.6.0-27.1
xorg-x11-Xvnc-1.6.0-27.1
SUSE Linux Enterprise Server 12 SP2-LTSS
libXvnc1-1.6.0-27.1
tigervnc-1.6.0-27.1
xorg-x11-Xvnc-1.6.0-27.1
SUSE Linux Enterprise Server 12 SP3-BCL
libXvnc1-1.6.0-27.1
tigervnc-1.6.0-27.1
xorg-x11-Xvnc-1.6.0-27.1
SUSE Linux Enterprise Server 12 SP3-LTSS
libXvnc1-1.6.0-27.1
tigervnc-1.6.0-27.1
xorg-x11-Xvnc-1.6.0-27.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libXvnc1-1.6.0-27.1
tigervnc-1.6.0-27.1
xorg-x11-Xvnc-1.6.0-27.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libXvnc1-1.6.0-27.1
tigervnc-1.6.0-27.1
xorg-x11-Xvnc-1.6.0-27.1
SUSE OpenStack Cloud 7
libXvnc1-1.6.0-27.1
tigervnc-1.6.0-27.1
xorg-x11-Xvnc-1.6.0-27.1
SUSE OpenStack Cloud 8
libXvnc1-1.6.0-27.1
tigervnc-1.6.0-27.1
xorg-x11-Xvnc-1.6.0-27.1
SUSE OpenStack Cloud Crowbar 8
libXvnc1-1.6.0-27.1
tigervnc-1.6.0-27.1
xorg-x11-Xvnc-1.6.0-27.1
Ссылки
- Link for SUSE-SU-2020:2898-1
- E-Mail link for SUSE-SU-2020:2898-1
- SUSE Security Ratings
- SUSE Bug 1176733
- SUSE CVE CVE-2020-26117 page
Описание
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.
Затронутые продукты
HPE Helion OpenStack 8:libXvnc1-1.6.0-27.1
HPE Helion OpenStack 8:tigervnc-1.6.0-27.1
HPE Helion OpenStack 8:xorg-x11-Xvnc-1.6.0-27.1
SUSE Enterprise Storage 5:libXvnc1-1.6.0-27.1
Ссылки
- CVE-2020-26117
- SUSE Bug 1176733