Security: Arbitrary command execution in noVNC
Name: Arbitrary command execution in noVNC
ID: USN-4522-1
Distribution: Ubuntu
Platforms: Ubuntu 16.04 LTS
Date: Mon, 21 September 2020, 22:40
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18635
https://launchpad.net/ubuntu/+source/novnc/1:0.4+dfsg+1+20131010+gitf68af8af3d-4+deb8u1build0.16.04.1
Applications: noVNC

Original message
==========================================================================
Ubuntu Security Notice USN-4522-1
September 21, 2020

novnc vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
noVNC could be made to execute arbitrary code.
Software Description:
- novnc: HTML5 VNC client - daemon and programs
Details:
It was discovered that noVNC did not properly manage certain messages, resulting in the remote VNC server injecting arbitrary HTML into the noVNC web page. An attacker could use this issue to conduct cross-site scripting (XSS) attacks. (CVE-2017-18635)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS:
  novnc 1:0.4+dfsg+1+20131010+gitf68af8af3d-4+deb8u1build0.16.04.1
  python-novnc 1:0.4+dfsg+1+20131010+gitf68af8af3d-4+deb8u1build0.16.04.1
In general, a standard system update will make all the necessary changes.
References:
  https://usn.ubuntu.com/4522-1
  CVE-2017-18635
Package Information:
https://launchpad.net/ubuntu/+source/novnc/1:0.4+dfsg+1+20131010+gitf68af8af3d-4+deb8u1build0.16.04.1