MGASA-2020-0374 - Updated novnc package fixes a security vulnerability Publication date: 27 Sep 2020 URL: https://advisories.mageia.org/MGASA-2020-0374.html Type: security Affected Mageia releases: 7 CVE: CVE-2017-18635 An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name. (CVE-2017-18635) References: - https://bugs.mageia.org/show_bug.cgi?id=27306 - https://ubuntu.com/security/notices/USN-4522-1 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18635 SRPMS: - 7/core/novnc-0.5.1-2.1.mga7
Mageia 2020-0374: novnc security update
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the stat...
Summary
An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote
VNC server could inject arbitrary HTML into the noVNC web page via the messages
propagated to the status field, such as the VNC server name. (CVE-2017-18635)
References
- https://bugs.mageia.org/show_bug.cgi?id=27306
- https://ubuntu.com/security/notices/USN-4522-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18635
Resolution
MGASA-2020-0374 - Updated novnc package fixes a security vulnerability
SRPMS
- 7/core/novnc-0.5.1-2.1.mga7
Severity
Publication date: 27 Sep 2020
URL: https://advisories.mageia.org/MGASA-2020-0374.html
Type: security
CVE: CVE-2017-18635
News
HOWTOs
About Us
Powered By
