[Git][security-tracker-team/security-tracker][master] CVE-2020-9497,CVE-2020-9498,guacamole-client: point to fixing commit

Markus Koschany apo at debian.org
Sat Oct 10 13:55:44 BST 2020



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
66369467 by Markus Koschany at 2020-10-10T14:53:28+02:00
CVE-2020-9497,CVE-2020-9498,guacamole-client: point to fixing commit

According to the security researchers the vulnerability is in the server code,
so the client is not directly affected. However the releases might be
incompatible and an upgrade to version 1.2.0 necessary

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -40954,9 +40954,13 @@ CVE-2020-9499 (Some Dahua products have buffer overflow vulnerabilities. After t
 CVE-2020-9498 (Apache Guacamole 1.1.0 and older may mishandle pointers involved inpro ...)
 	- guacamole-client <unfixed> (bug #964195)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/3
+	NOTE: https://research.checkpoint.com/2020/apache-guacamole-rce/
+	NOTE: Fixed by https://github.com/apache/guacamole-server/commit/a0e11dc81727528224d28466903454e1cb0266bb
 CVE-2020-9497 (Apache Guacamole 1.1.0 and older do not properly validate datareceived ...)
 	- guacamole-client <unfixed> (bug #964195)
 	NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/2
+	NOTE: https://research.checkpoint.com/2020/apache-guacamole-rce/
+	NOTE: Fixed by https://github.com/apache/guacamole-server/commit/a0e11dc81727528224d28466903454e1cb0266bb
 CVE-2020-9496 (XML-RPC request are vulnerable to unsafe deserialization and Cross-Sit ...)
 	NOT-FOR-US: Apache OFBiz
 CVE-2020-9495 (Apache Archiva login service before 2.2.5 is vulnerable to LDAP inject ...)
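
Review bot: The "Fixed by" NOTE lines added under CVE-2020-9498 and CVE-2020-9497 link to a guacamole-server commit, but the package lines above them still read "- guacamole-client <unfixed> (bug #964195)", and the tracker data does not say how the two relate. The explanation exists only in the commit message (the flaw is in the server code, the client is not directly affected, and an upgrade to 1.2.0 may be needed for compatibility). I suggest recording that as an additional NOTE under each CVE so the reasoning stays with the entry. It is also worth deciding whether guacamole-client should remain <unfixed> given that rationale. Both CVEs cite the same commit URL, so please confirm that this single commit covers both the data validation issue and the pointer handling issue.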



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/663694676b2541080480c4bf48c1b2502062d277
