[Pkg-tigervnc-devel] Bug#971272: tigervnc-viewer: VNC viewer certificate exceptions are mistakenly handled as certificate authorities
Joachim Falk
joachim.falk at gmx.de
Mon Sep 28 17:22:50 BST 2020
Package: tigervnc-viewer
Version: 1.7.0+dfsg-1
Severity: normal
Tags: upstream

The VNC viewer mistakenly handles certificate exceptions as
certificate authorities. Thus, the owner of a certificate, for
which an exception was added, can impersonate any VNC server.

This is issue CVE-2020-26117.

-- System Information:
Debian Release: 10.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-9-amd64 (SMP w/16 CPU cores)
Kernel taint flags: TAINT_WARN
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages tigervnc-viewer depends on:
ii libc6 2.28-10
ii libfltk-images1.3 1.3.4-9
ii libfltk1.3 1.3.4-9
ii libgcc1 1:8.3.0-6
ii libgnutls30 3.6.7-4+deb10u5
ii libjpeg62-turbo 1:1.5.2-2+b1
ii libstdc++6 8.3.0-6
ii libx11-6 2:1.6.7-1+deb10u1
ii libxext6 2:1.3.3-1+b2
ii libxrender1 1:0.9.10-1
ii zlib1g 1:1.2.11.dfsg-1

tigervnc-viewer recommends no packages.

Versions of packages tigervnc-viewer suggests:
ii tigervnc-common 1.10.1+dfsg-8~bpo10+1

-- no debconf information
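
The difference between treating a saved exception as a certificate authority and treating it as a pin for one host, as a simplified model added here for illustration. It is not TigerVNC code and not part of the original report; the Cert class, host names and key labels are hypothetical, and signature checks are assumed to pass.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    """Toy certificate; signatures are assumed valid, only names and keys are modelled."""
    subject: str      # host name the certificate was issued for
    key: str          # stands in for the subject's public key
    issuer_key: str   # key that signed this certificate

    @property
    def fingerprint(self) -> str:
        data = f"{self.subject}|{self.key}|{self.issuer_key}".encode()
        return hashlib.sha256(data).hexdigest()

def accept_exception_as_ca(cert, host, ca_keys, exceptions):
    """Flawed model: every saved exception becomes a trust anchor."""
    anchors = set(ca_keys) | {e.key for e in exceptions}
    return cert.subject == host and cert.issuer_key in anchors

def accept_exception_as_pin(cert, host, ca_keys, pins):
    """Corrected model: an exception only matches one exact certificate on one host."""
    if cert.subject == host and cert.issuer_key in ca_keys:
        return True                      # ordinary CA-validated path
    return pins.get(host) == cert.fingerprint

# Constructed sample data (hypothetical hosts and key labels).
CA_KEYS = {"key-site-ca"}
EXCEPTED = Cert("vnc-a.example", "key-a", "key-a")            # self-signed, exception saved
SIGNED_BY_EXCEPTED = Cert("vnc-b.example", "key-x", "key-a")  # issued with the excepted key
PINS = {"vnc-a.example": EXCEPTED.fingerprint}

def demo():
    """Return (flawed, pinned) decisions for both certificates."""
    cases = [(EXCEPTED, "vnc-a.example"), (SIGNED_BY_EXCEPTED, "vnc-b.example")]
    flawed = [accept_exception_as_ca(c, h, CA_KEYS, [EXCEPTED]) for c, h in cases]
    pinned = [accept_exception_as_pin(c, h, CA_KEYS, PINS) for c, h in cases]
    return flawed, pinned

if __name__ == "__main__":
    print(demo())
```

In the flawed model the certificate for the second host is accepted only because the excepted key is in the anchor set; the pinned model rejects it while still accepting the original excepted certificate on its own host.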