Advisories » MGASA-2015-0133

Updated novnc packages fix CVE-2013-7436

Publication date: 04 Apr 2015
Modification date: 04 Apr 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2013-7436

Description

Updated novnc package fixes security vulnerability:

noVNC before 0.5.1 allows an attacker to steal insecurely set session token
cookies, hijacking active or inactive VNC sessions (CVE-2013-7436).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15481
• https://bugzilla.redhat.com/show_bug.cgi?id=1193451
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7436

SRPMS

4/core

• novnc-0.4-9.2.mga4