Mageia 2020-0374: novnc security update | LinuxSecurity.com
MGASA-2020-0374 - Updated novnc package fixes a security vulnerability

Publication date: 27 Sep 2020
URL: https://advisories.mageia.org/MGASA-2020-0374.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2017-18635

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote
VNC server could inject arbitrary HTML into the noVNC web page via the messages
propagated to the status field, such as the VNC server name. (CVE-2017-18635)

References:
- https://bugs.mageia.org/show_bug.cgi?id=27306
- https://ubuntu.com/security/notices/USN-4522-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18635

SRPMS:
- 7/core/novnc-0.5.1-2.1.mga7

Mageia 2020-0374: novnc security update

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the stat...

Summary

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. (CVE-2017-18635)

References

- https://bugs.mageia.org/show_bug.cgi?id=27306

- https://ubuntu.com/security/notices/USN-4522-1

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18635

Resolution

MGASA-2020-0374 - Updated novnc package fixes a security vulnerability

SRPMS

- 7/core/novnc-0.5.1-2.1.mga7

Severity
Publication date: 27 Sep 2020
URL: https://advisories.mageia.org/MGASA-2020-0374.html
Type: security
CVE: CVE-2017-18635

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.