A security flaw has been discovered in the tigervnc software package that can lead to the disclosure of confidential user data such as the username and password.
Package:
tigervnc 1.x
Operating systems:
Fedora 15
Severity:
2.6
Problem:
improper password handling
Exploitation:
remote
Impact:
disclosure of sensitive information
Solution:
vendor patch
CVE:
CVE-2011-1775
Original advisory ID:
FEDORA-2011-6838
Source:
Fedora
Problem:
The flaw occurs when user credentials are sent to a VNC (Virtual Network Computing) server without proper validation of the X.509 certificate.
Impact:
The flaw allows a remote attacker to disclose sensitive data such as the username and password.
Solution:
All users are advised to apply the available patches.
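To confirm the patch is actually in place, the following added example (not part of the advisory or of Fedora's tooling) flags Fedora 15 hosts whose tigervnc build is older than the fixed 1.0.90-4.fc15 listed in the Fedora notice below. The inventory format, host names and sample builds are constructed, the comparison is a simplified form of RPM version ordering, and epochs are assumed to be absent.

```python
import re

# Fixed build named in the Fedora notice: tigervnc 1.0.90-4.fc15.
FIXED_VERSION, FIXED_RELEASE = "1.0.90", "4.fc15"
_SEGMENTS = re.compile(r"[0-9]+|[A-Za-z]+")

def rpm_seg_cmp(a, b):
    """Simplified rpmvercmp for one version or release string.

    Returns -1, 0 or 1. Tilde/caret ordering is not handled (assumption:
    the builds being compared do not use it).
    """
    sa, sb = _SEGMENTS.findall(a), _SEGMENTS.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = x.lstrip("0"), y.lstrip("0")
            if len(x) != len(y):  # more digits means a larger number
                return 1 if len(x) > len(y) else -1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # Shared segments are equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_patched(version, release):
    """True when a Fedora 15 tigervnc build is at or beyond the fixed one."""
    order = rpm_seg_cmp(version, FIXED_VERSION)
    if order == 0:
        order = rpm_seg_cmp(release, FIXED_RELEASE)
    return order >= 0

def audit(inventory_lines):
    """Return hosts still running a build older than the fix.

    Each line is '<host> <version> <release>'; the last two fields are what
    rpm -q --qf '%{VERSION} %{RELEASE}' tigervnc prints on that host.
    """
    return [host for host, version, release in
            (line.split() for line in inventory_lines)
            if not is_patched(version, release)]

# Constructed inventory (hypothetical host names and builds).
SAMPLE_INVENTORY = [
    "ws-01 1.0.90 4.fc15",
    "ws-02 1.0.90 3.fc15",
    "ws-03 1.0.90 0.10.20100115svn3945.fc15",
    "ws-04 1.1.0 1.fc15",
]

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```

Users of any host the audit flags should treat VNC passwords entered through the unpatched viewer over X.509 sessions as potentially exposed and rotate them after updating.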
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-6838
2011-05-11 05:44:58
--------------------------------------------------------------------------------
Name : tigervnc
Product : Fedora 15
Version : 1.0.90
Release : 4.fc15
URL : http://www.tigervnc.com
Summary : A TigerVNC remote display system
Description :
Virtual Network Computing (VNC) is a remote display system which
allows you to view a computing 'desktop' environment not only on the
machine where it is running, but from anywhere on the Internet and
from a wide variety of machine architectures. This package contains a
client which will allow you to connect to other desktops running a VNC
server.
--------------------------------------------------------------------------------
Update Information:
This update fixes the following issue:
* vncviewer could have sent user password to VNC server without proper
validation of the server's X.509 certificate when secure X.509 authentication
was requested (CVE-2011-1775)
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 10 2011 Adam Tkac <atkac redhat com> - 1.0.90-4
- viewer can send password without proper validation of X.509 certs
(CVE-2011-1775)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #702672 - tigervnc: vncviewer can send password to server without
proper validation of the X.509 certificate [fedora-15]
https://bugzilla.redhat.com/show_bug.cgi?id=702672
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update tigervnc' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
https://admin.fedoraproject.org/mailman/listinfo/package-announce