You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa novnc

Sigurnosni nedostatak programskog paketa novnc

by - 0

==========================================================================
Ubuntu Security Notice USN-4522-1
September 21, 2020

novnc vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 16.04 LTS

Summary:

noVNC could be made to execute arbitrary code.

Software Description:
– novnc: HTML5 VNC client – daemon and programs

Details:

It was discovered that noVNC did not properly manage certain messages,
resulting in the remote VNC server injecting arbitrary HTML into the
noVNC web page. An attacker could use this issue to conduct cross-site
scripting (XSS) attacks. (CVE-2017-18635)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
novnc
1:0.4+dfsg+1+20131010+gitf68af8af3d-4+deb8u1build0.16.04.1
python-novnc
1:0.4+dfsg+1+20131010+gitf68af8af3d-4+deb8u1build0.16.04.1

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/4522-1
CVE-2017-18635

Package Information:

https://launchpad.net/ubuntu/+source/novnc/1:0.4+dfsg+1+20131010+gitf68af8af3d-4+deb8u1build0.16.04.1

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEE7MowLJorxPNkyBZZW+PTAFZKyRgFAl9o+loACgkQW+PTAFZK
yRg08A//SnlnE3ATWb67ay7gGaKGjbMwXK1/rYU4Z+i3atgOo2U4Nvrcq9chFi3l
Qg82A9WanH7E9i86ihFlx6JJitrozMG+u/Jtx4iQkqippi17P4An5hi246EF0GM9
axfx2OiUxJbKkVBfqeCqtSLumJTvuxX8srUMD0zxFVKAj/6Fr+jEdpGt1ir0vO4k
KyNXBMfoi4ZI8mR5RfPuenjb7dFDmQjJD2FLZzVDCAToFQg11v44lqk2jwZEA+jS
PyZ/nSHimRTG/9APs45XP3ryC3ylsBcaln9FP/t9zb5l4JS4TFqjDk4cLBCBYMsZ
exx74/nK9MIA1JPkeQ5eF8ERsOlvHEN7cAMxdvxGRHDJslc+CgDSczt+vCm2KY2w
EdaqiBedj4apqU0kkm1DPumRtrYKpi/URX3et1t6zIigsghUlxrahkSgcTszXaMe
DnBP1h9HSE0tsjy080ckDFVLAv9Bghf2u3bkSJ89iNH1ejABbJO4qVZJI8Pl0BiL
Dcaah33XU4mdyXhxW+fqqoavq63oFjTjLn+1+zx6fTW/9nS6fQjX7sU2UFXRgarL
MAuX/V6Y4VFpuztyvzB+wFEXLf7AqyFFgm0B/OkNtcb/9XqCZUwCYP+RSYPdTWtc
Ut6CiRjEJc0CD1KZOPRATND6K4PqStLZbyMWihGsLkcR8ojC4Fc=
=AgvI
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa curl

Otkriven je sigurnosni nedostatak u programskom paketu curl za operacijski sustav openSUSE. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija....

Close