Advisories ยป MGASA-2015-0133

Updated novnc packages fix CVE-2013-7436

Publication date: 04 Apr 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2013-7436

Description

Updated novnc package fixes security vulnerability:

noVNC before 0.5.1 allows an attacker to steal insecurely set session token
cookies, hijacking active or inactive VNC sessions (CVE-2013-7436).
                

References

SRPMS

4/core