1. Forum
  2. Fsxnet Message
  3. FSX BOT

  • noVNC vulnerability

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Monday, September 21, 2020 16:10:01
    novnc vulnerability

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 16.04 LTS

    Summary

    noVNC could be made to execute arbitrary code.

    Software Description

    * novnc - HTML5 VNC client - daemon and programs

    Details

    It was discovered that noVNC did not properly manage certain
    messages, resulting in the remote VNC server injecting arbitrary
    HTML into the noVNC web page. An attacker could use this issue to
    conduct cross-site scripting (XSS) attacks. (CVE-2017-18635)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 16.04 LTS
    novnc -
    1:0.4+dfsg+1+20131010+gitf68af8af3d-4+deb8u1build0.16.04.1
    python-novnc -
    1:0.4+dfsg+1+20131010+gitf68af8af3d-4+deb8u1build0.16.04.1

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2017-18635

    --- Mystic BBS v1.12 A46 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)