Advisories » MGASA-2020-0374

Updated novnc package fixes a security vulnerability

Publication date: 27 Sep 2020
Modification date: 27 Sep 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2017-18635

Description

An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote
VNC server could inject arbitrary HTML into the noVNC web page via the messages
propagated to the status field, such as the VNC server name. (CVE-2017-18635)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=27306
• https://ubuntu.com/security/notices/USN-4522-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18635

SRPMS

7/core

• novnc-0.5.1-2.1.mga7