The novnc package provides a VNC client that uses HTML5 (Web Sockets,
Canvas) and includes encryption support.
It was discovered that noVNC did not properly set the ‘secure’ flag when
issuing cookies. An attacker could use this flaw to intercept cookies via a
man-in-the-middle attack. (CVE-2013-7436)
All novnc users are advised to upgrade to this updated package, which
corrects this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | src | novnc | < 0.5.1-2.el6ost | novnc-0.5.1-2.el6ost.src.rpm |
RedHat | 6 | noarch | novnc | < 0.5.1-2.el6ost | novnc-0.5.1-2.el6ost.noarch.rpm |