tigervnc-1.11.0-6.el8

エラータID: AXSA:2021-2102:03

Release date: 
Tuesday, June 29, 2021 - 13:23
Subject: 
tigervnc-1.11.0-6.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.

The following packages have been upgraded to a later upstream version: tigervnc (1.11.0).

Security Fix(es):

* tigervnc: certificate exceptions stored as authorities (CVE-2020-26117)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-26117
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.

Solution: 

Update packages.

CVEs: 
CVE-2020-26117
In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception.
Additional Info: 

N/A

Download: 

SRPMS
  1. tigervnc-1.11.0-6.el8.src.rpm
    MD5: ec97c37fa4514c6ce3e41852eb94cbac
    SHA-256: 8900610e95645ecd1f500cd74f41cc5d7a34fb050305d2b17793c803df66eece
    Size: 1.35 MB

Asianux Server 8 for x86_64
  1. tigervnc-1.11.0-6.el8.x86_64.rpm
    MD5: 8be49c52af0a1366da40d06d9243914b
    SHA-256: d9f212c4ad2603777db6c5f27773d6109473280568fd3ad4b2aa219f7ff0e42b
    Size: 299.02 kB
  2. tigervnc-icons-1.11.0-6.el8.noarch.rpm
    MD5: 0dabb2fed9a76634b9d5032135f9fd13
    SHA-256: e7e56183708138c6652c53b98108e4989f6226b13d1355850eef58ac9f8fe714
    Size: 47.23 kB
  3. tigervnc-license-1.11.0-6.el8.noarch.rpm
    MD5: 03b2fa9eccecf00df65fb4d0185fbe73
    SHA-256: 165d1ec6569753096ad958a539689ce284a5f533973f4602805a288f440b53f0
    Size: 37.62 kB
  4. tigervnc-selinux-1.11.0-6.el8.noarch.rpm
    MD5: 9197b30bc1314adc553fb844383453e1
    SHA-256: df799a617f2675391767f4c498b440748bd50968314b80e3f5310ddebe5b6cd9
    Size: 46.16 kB
  5. tigervnc-server-1.11.0-6.el8.x86_64.rpm
    MD5: f6bc4e10906b179ebd6899a2bb933522
    SHA-256: bb2a653a51a9426ccc3699728be264a151057fd98e16d32628de8b26585ef31f
    Size: 268.71 kB
  6. tigervnc-server-minimal-1.11.0-6.el8.x86_64.rpm
    MD5: 8eab1cc4f623bc90543b82ad15db51cd
    SHA-256: f1ee3440cb62bfd0bb14052627a0cc027b635517b5da23c34db51c0e9d9b3827
    Size: 1.11 MB
  7. tigervnc-server-module-1.11.0-6.el8.x86_64.rpm
    MD5: 51ecb3c820e216349c417570dec68902
    SHA-256: 12d68382256f0498381c0656c24f5a08a2aa0a5f967547d0756080b6c8af8f84
    Size: 252.84 kB