You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa guacamole

Sigurnosni nedostaci programskog paketa guacamole

——————————————————————————–
Fedora Update Notification
FEDORA-2020-bfde0ab889
2021-01-04 01:16:46.790032
——————————————————————————–

Name : guacamole-server
Product : Fedora 32
Version : 1.2.0
Release : 3.fc32
URL : http://guac-dev.org/
Summary : Server-side native components that form the Guacamole proxy
Description :
Guacamole is an HTML5 remote desktop gateway.

Guacamole provides access to desktop environments using remote desktop protocols
like VNC and RDP. A centralized server acts as a tunnel and proxy, allowing
access to multiple desktops through a web browser.

No browser plugins are needed, and no client software needs to be installed. The
client requires nothing more than a web browser supporting HTML5 and AJAX.

The main web application is provided by the “guacamole-client” package.

——————————————————————————–
Update Information:

Updated SPEC file and rebuilt for new dependencies.
——————————————————————————–
ChangeLog:

* Sat Dec 26 2020 Simone Caronni <negativo17@gmail.com> – 1.2.0-3
– Do not ship deprecated sysconfig file.
– Trim changelog.
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> – 1.2.0-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Jul 24 2020 Simone Caronni <negativo17@gmail.com> – 1.2.0-1
– Update to 1.2.0.
——————————————————————————–
References:

[ 1 ] Bug #1853386 – CVE-2020-9498 guacamole-server: Dangling pointer in RDP static virtual channel handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1853386
[ 2 ] Bug #1853388 – CVE-2020-9498 guacamole-server: Dangling pointer in RDP static virtual channel handling [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1853388
[ 3 ] Bug #1853391 – CVE-2020-9497 guacamole-server: Improper input validation of RDP static virtual channels [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1853391
[ 4 ] Bug #1853393 – CVE-2020-9497 guacamole-server: Improper input validation of RDP static virtual channels [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1853393
[ 5 ] Bug #1878395 – F34FailsToInstall: libguac-client-kubernetes
https://bugzilla.redhat.com/show_bug.cgi?id=1878395
[ 6 ] Bug #1899751 – Dependency error installing libguac-client-kubernetes
https://bugzilla.redhat.com/show_bug.cgi?id=1899751
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-bfde0ab889’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2020-640645e518
2021-01-04 01:05:53.142327
——————————————————————————–

Name : guacamole-server
Product : Fedora 33
Version : 1.2.0
Release : 3.fc33
URL : http://guac-dev.org/
Summary : Server-side native components that form the Guacamole proxy
Description :
Guacamole is an HTML5 remote desktop gateway.

Guacamole provides access to desktop environments using remote desktop protocols
like VNC and RDP. A centralized server acts as a tunnel and proxy, allowing
access to multiple desktops through a web browser.

No browser plugins are needed, and no client software needs to be installed. The
client requires nothing more than a web browser supporting HTML5 and AJAX.

The main web application is provided by the “guacamole-client” package.

——————————————————————————–
Update Information:

Updated SPEC file and rebuilt for new dependencies.
——————————————————————————–
ChangeLog:

* Sat Dec 26 2020 Simone Caronni <negativo17@gmail.com> – 1.2.0-3
– Do not ship deprecated sysconfig file.
– Trim changelog.
——————————————————————————–
References:

[ 1 ] Bug #1853386 – CVE-2020-9498 guacamole-server: Dangling pointer in RDP static virtual channel handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1853386
[ 2 ] Bug #1853388 – CVE-2020-9498 guacamole-server: Dangling pointer in RDP static virtual channel handling [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1853388
[ 3 ] Bug #1853391 – CVE-2020-9497 guacamole-server: Improper input validation of RDP static virtual channels [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1853391
[ 4 ] Bug #1853393 – CVE-2020-9497 guacamole-server: Improper input validation of RDP static virtual channels [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1853393
[ 5 ] Bug #1878395 – F34FailsToInstall: libguac-client-kubernetes
https://bugzilla.redhat.com/show_bug.cgi?id=1878395
[ 6 ] Bug #1899751 – Dependency error installing libguac-client-kubernetes
https://bugzilla.redhat.com/show_bug.cgi?id=1899751
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2020-640645e518’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa p11 kit

Otkriveni su sigurnosni nedostaci u programskom paketu p11 kit za operacijski sustav Debian. Otkriveni nedostaci potencijalnim napadačima omogućuju izvršavanje proizvoljnog...

Close