(RHSA-2015:0788) Moderate: novnc security update

2015-04-07T04:00:00
ID RHSA-2015:0788
Type redhat
Reporter RedHat
Modified 2018-03-19T16:27:05

Description

The novnc package provides a VNC client that uses HTML5 (Web Sockets, Canvas) and includes encryption support.

It was discovered that noVNC did not properly set the 'secure' flag when issuing cookies. An attacker could use this flaw to intercept cookies via a man-in-the-middle attack. (CVE-2013-7436)

All novnc users are advised to upgrade to this updated package, which corrects this issue.
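
The missing 'secure' flag described above, shown as an added example (not noVNC's code and not part of the advisory): a cookie string built without the attribute next to a corrected builder, plus an audit that lists cookies lacking it. The function names, cookie names and sample values are hypothetical, and the example assumes cookies are assembled as strings by script in the page.

```javascript
// Hypothetical helpers for illustration; these are not noVNC functions.

// Weak form: no Secure attribute, so a cookie issued on an https:// page
// is also sent on any later plain http:// request to the same host.
function buildCookieWeak(name, value, days) {
  const expires = new Date(Date.now() + days * 864e5).toUTCString();
  return `${name}=${encodeURIComponent(value)}; expires=${expires}; path=/`;
}

// Corrected form: append Secure whenever the page was loaded over TLS.
// In a browser, protocol would be location.protocol and the result
// would be assigned to document.cookie.
function buildCookie(name, value, days, protocol) {
  const base = buildCookieWeak(name, value, days);
  return protocol === "https:" ? `${base}; Secure` : base;
}

// Audit: given cookie strings issued by an HTTPS origin, return the
// names of the cookies that lack the Secure attribute.
function auditCookies(cookieStrings) {
  const missing = [];
  for (const raw of cookieStrings) {
    const parts = raw.split(";").map((p) => p.trim());
    const name = parts[0].split("=")[0];
    // Attribute names are case-insensitive; Secure carries no value.
    const attrs = parts.slice(1).map((p) => p.split("=")[0].toLowerCase());
    if (!attrs.includes("secure")) missing.push(name);
  }
  return missing;
}

// Constructed sample: cookies as a page served over HTTPS might issue them.
const sampleCookies = [
  buildCookieWeak("setting_a", "constructed value", 365),
  buildCookie("setting_b", "constructed value", 365, "https:"),
  "secure=1; Path=/; HttpOnly",        // cookie *named* secure, flag absent
  "setting_c=abc; Path=/; SECURE",     // flag present, different case
];

console.log(auditCookies(sampleCookies));
```

The audit compares attribute names only, so a cookie whose own name or value happens to contain "secure" is still reported when the flag itself is absent.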