ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0388
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0388)
Resumen:	The remote host is missing an update for the 'tigervnc' package(s) announced via the MGASA-2020-0388 advisory.
Descripción:	Summary: The remote host is missing an update for the 'tigervnc' package(s) announced via the MGASA-2020-0388 advisory. Vulnerability Insight: In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception. (CVE-2020-26117) Affected Software/OS: 'tigervnc' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-26117 https://bugzilla.opensuse.org/show_bug.cgi?id=1176733 https://github.com/TigerVNC/tigervnc/commit/20dea801e747318525a5859fe4f37c52b05310cb https://github.com/TigerVNC/tigervnc/commit/7399eab79a4365434d26494fa1628ce1eb91562b https://github.com/TigerVNC/tigervnc/commit/b30f10c681ec87720cff85d490f67098568a9cba https://github.com/TigerVNC/tigervnc/commit/f029745f63ac7d22fb91639b2cb5b3ab56134d6e https://github.com/TigerVNC/tigervnc/releases/tag/v1.11.0 https://lists.debian.org/debian-lts-announce/2020/10/msg00007.html SuSE Security Announcement: openSUSE-SU-2020:1666 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00025.html SuSE Security Announcement: openSUSE-SU-2020:1841 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00024.html
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.