Linux Security
    Linux Security
    Linux Security

    Mageia 2020-0388: tigervnc security update

    Date 20 Oct 2020
    187
    Posted By LinuxSecurity Advisories
    In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception. (CVE-2020-26117)
    MGASA-2020-0388 - Updated tigervnc packages fix a security vulnerability
    
    Publication date: 20 Oct 2020
    URL: https://advisories.mageia.org/MGASA-2020-0388.html
    Type: security
    Affected Mageia releases: 7
    CVE: CVE-2020-26117
    
    In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0,
    viewers mishandle TLS certificate exceptions. They store the certificates as
    authorities, meaning that the owner of a certificate could impersonate any
    server after a client had added an exception. (CVE-2020-26117)
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=27270
    - https://github.com/TigerVNC/tigervnc/releases/tag/v1.11.0
    - https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./thread/XJC7PGEFEUUZTWSX7CGQG5YLB3NCQ6BO/
    - https://www.debian.org/lts/security/2020/dla-2396
    - https://lists.opensuse.org/opensuse-security-announce/2020-10/msg00025.html
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26117
    
    SRPMS:
    - 7/core/tigervnc-1.10.1-1.2.mga7
    

    Advisories

    LinuxSecurity Poll

    No results found.

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.