[Git][security-tracker-team/security-tracker][master] CVE-2020-9497,CVE-2020-9498,guacamole-client: point to fixing commit
Markus Koschany
apo at debian.org
Sat Oct 10 13:55:44 BST 2020
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
66369467 by Markus Koschany at 2020-10-10T14:53:28+02:00
CVE-2020-9497,CVE-2020-9498,guacamole-client: point to fixing commit
According to the security researchers the vulnerability is in the server code,
so the client is not directly affected. However the releases might be
incompatible and an upgrade to version 1.2.0 necessary
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -40954,9 +40954,13 @@ CVE-2020-9499 (Some Dahua products have buffer overflow vulnerabilities. After t
CVE-2020-9498 (Apache Guacamole 1.1.0 and older may mishandle pointers involved inpro ...)
- guacamole-client <unfixed> (bug #964195)
NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/3
+ NOTE: https://research.checkpoint.com/2020/apache-guacamole-rce/
+ NOTE: Fixed by https://github.com/apache/guacamole-server/commit/a0e11dc81727528224d28466903454e1cb0266bb
CVE-2020-9497 (Apache Guacamole 1.1.0 and older do not properly validate datareceived ...)
- guacamole-client <unfixed> (bug #964195)
NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/2
+ NOTE: https://research.checkpoint.com/2020/apache-guacamole-rce/
+ NOTE: Fixed by https://github.com/apache/guacamole-server/commit/a0e11dc81727528224d28466903454e1cb0266bb
CVE-2020-9496 (XML-RPC request are vulnerable to unsafe deserialization and Cross-Sit ...)
NOT-FOR-US: Apache OFBiz
CVE-2020-9495 (Apache Archiva login service before 2.2.5 is vulnerable to LDAP inject ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/663694676b2541080480c4bf48c1b2502062d277
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/663694676b2541080480c4bf48c1b2502062d277
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201010/a78d14b4/attachment.html>
More information about the debian-security-tracker-commits
mailing list