Ubuntu Security Notice 4522-1 - It was discovered that noVNC did not properly manage certain messages, resulting in the remote VNC server injecting arbitrary HTML into the noVNC web page. An attacker could use this issue to conduct cross-site scripting attacks.
5ae21e4984019a08972b1af6dcd3d7045a3453ee999b9508be4edcc8f21311a6==========================================================================
Ubuntu Security Notice USN-4522-1
September 21, 2020
novnc vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
noVNC could be made to execute arbitrary code.
Software Description:
- novnc: HTML5 VNC client - daemon and programs
Details:
It was discovered that noVNC did not properly manage certain messages,
resulting in the remote VNC server injecting arbitrary HTML into the
noVNC web page. An attacker could use this issue to conduct cross-site
scripting (XSS) attacks. (CVE-2017-18635)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
novnc
1:0.4+dfsg+1+20131010+gitf68af8af3d-4+deb8u1build0.16.04.1
python-novnc
1:0.4+dfsg+1+20131010+gitf68af8af3d-4+deb8u1build0.16.04.1
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4522-1
CVE-2017-18635
Package Information:
https://launchpad.net/ubuntu/+source/novnc/1:0.4+dfsg+1+20131010+gitf68af8af3d-4+deb8u1build0.16.04.1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed