USN-5965-1: TigerVNC vulnerability
21 March 2023
TigerVNC could be made to expose sensitive information over the network.
- tigervnc - High-performance, platform-neutral implementation of VNC
It was discovered that TigerVNC mishandled TLS certificate exceptions. An
attacker could use this vulnerability to impersonate any server after a client
had added an exception and obtain sensitive information.
The problem can be corrected by updating your system to the following package versions:
- tigervnc-common - 1.10.1+dfsg-3ubuntu0.1+esm2
- tigervnc-standalone-server - 1.10.1+dfsg-3ubuntu0.1+esm2
- tigervnc-scraping-server - 1.10.1+dfsg-3ubuntu0.1+esm2
In general, a standard system update will make all the necessary changes.
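
The fixed versions listed above can be checked across a fleet from collected package inventories. The following is an added example, not part of the Ubuntu notice: it reimplements Debian version ordering so it can run on a central host without dpkg, and the names `audit`, `deb_cmp` and `SAMPLE` are hypothetical. It assumes each inventory is the text output of `dpkg-query -W` and treats a version at or above the listed one as patched, which holds only for the Ubuntu release this notice covers.

```python
from string import ascii_letters, digits as D

# Fixed versions exactly as listed in USN-5965-1.
FIXED = {p: "1.10.1+dfsg-3ubuntu0.1+esm2" for p in (
    "tigervnc-common", "tigervnc-standalone-server", "tigervnc-scraping-server")}

def _order(c):
    # dpkg sort order: '~' first, then end-of-string or digit, then letters, then the rest.
    if c == "" or c in D:
        return 0
    return -1 if c == "~" else ord(c) if c in ascii_letters else ord(c) + 256

def _cmp_part(a, b):
    # Alternate non-digit runs (compared via _order) with digit runs (compared as integers).
    while a or b:
        while (a and a[0] not in D) or (b and b[0] not in D):
            oa, ob = _order(a[:1]), _order(b[:1])
            if oa != ob:
                return -1 if oa < ob else 1
            a, b = a[1:], b[1:]
        ra, rb = a.lstrip(D), b.lstrip(D)  # what remains after the leading digit run
        na, nb = int(a[:len(a) - len(ra)] or 0), int(b[:len(b) - len(rb)] or 0)
        if na != nb:
            return -1 if na < nb else 1
        a, b = ra, rb
    return 0

def deb_cmp(v1, v2):
    # A Debian version is [epoch:]upstream[-revision]; returns -1, 0 or 1.
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, rev
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    return (e1 > e2) - (e1 < e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def audit(dpkg_query_output):
    # Input: `dpkg-query -W` text, "package<TAB>version" per line (empty version = not installed).
    rows = (line.partition("\t") for line in dpkg_query_output.splitlines())
    installed = {p.split(":")[0]: v.strip() for p, _, v in rows if v.strip()}  # drop ":amd64"
    return {p: "not installed" if p not in installed
            else "patched" if deb_cmp(installed[p], f) >= 0 else "vulnerable"
            for p, f in FIXED.items()}

# Constructed sample inventory, not taken from a real host.
SAMPLE = ("tigervnc-common\t1.10.1+dfsg-3ubuntu0.1+esm2\n"
          "tigervnc-standalone-server:amd64\t1.10.1+dfsg-3ubuntu0.1\n")

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the host itself, `dpkg --compare-versions <installed> ge <fixed>` answers the same question for a single package.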