| Summary: | guacd new security issues CVE-2021-41767, CVE-2021-43999, CVE-2023-3057[56] | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | Nicolas Lécureuil <mageia> |
| Status: | RESOLVED OLD | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | nicolas.salguero, yvesbrungard |
| Version: | 8 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | guacd-1.3.0-1.mga8.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2022-01-11 23:49:37 CET
David Walser
2022-01-11 23:49:48 CET
Whiteboard: (none) => MGA8TOO

I assume these are fixed upstream in 1.4.0:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/P3X6KYVDMURCDFATPNFFLFQ4TBMRSXU5/

Apache has issued advisories on June 6:
https://www.openwall.com/lists/oss-security/2023/06/06/1
https://www.openwall.com/lists/oss-security/2023/06/06/2

The issues are fixed upstream in 1.5.2.

Summary: guacd new security issues CVE-2021-41767 and CVE-2021-43999 => guacd new security issues CVE-2021-41767, CVE-2021-43999, CVE-2023-3057[56]

We have currently guacd 1.5.1 in cauldron
according to https://guacamole.apache.org/security/
Fixed in Apache Guacamole 1.4.0
Improper validation of SAML responses (CVE-2021-43999)
Private tunnel identifier may be included in the non-private details of active connections (CVE-2021-41767)
Thus we still need 1.5.2

CC: (none) => yves.brungard_mageia

guacd build in 1.5.2 (cauldron testing):
guacd-1.5.2-1.mga9
lib64guac-client-rdp0-1.5.2-1.mga9
lib64guac-terminal0-1.5.2-1.mga9
guacd-client-rdp-1.5.2-1.mga9
lib64guac21-1.5.2-1.mga9
lib64guac-client-telnet0-1.5.2-1.mga9
lib64guac-client-kubernetes0-1.5.2-1.mga9
lib64guac-client-vnc0-1.5.2-1.mga9
lib64guac-client-ssh0-1.5.2-1.mga9
lib64guac-devel-1.5.2-1.mga9

Cauldron updated

Whiteboard: MGA8TOO => (none)

Mageia 8 EOL

Resolution: (none) => OLD