Security update for novnc SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:1300-1 Final 1 1 2015-06-10T07:30:30Z current 2015-06-10T07:30:30Z 2015-06-10T07:30:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for novnc novnc was updated to fix a session hijacking problem through insecurely set session token cookies (bnc#922233, CVE-2013-7436). Security Issues: * CVE-2013-7436 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7436> The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sleclo50sp3-novnc Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20151300-1/ Link for SUSE-SU-2015:1300-1 https://lists.suse.com/pipermail/sle-security-updates/2015-July/001510.html E-Mail link for SUSE-SU-2015:1300-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/922233 SUSE Bug 922233 https://www.suse.com/security/cve/CVE-2013-7436/ SUSE CVE CVE-2013-7436 page SUSE OpenStack Cloud 5 novnc-0.4-0.13.1 novnc-0.4-0.13.1 as a component of SUSE OpenStack Cloud 5 noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. CVE-2013-7436 SUSE OpenStack Cloud 5:novnc-0.4-0.13.1 moderate 8.5 AV:N/AC:L/Au:N/C:C/I:P/A:N 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151300-1/ https://www.suse.com/security/cve/CVE-2013-7436.html CVE-2013-7436 https://bugzilla.suse.com/922233 SUSE Bug 922233