MGASA-2021-0272 - Updated guacd packages fix security vulnerabilities

Publication date: 23 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0272.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2018-1340,
     CVE-2020-9497,
     CVE-2020-9498,
     CVE-2020-11997

Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the
user's session token. This cookie lacked the "secure" flag, which could allow
an attacker eavesdropping on the network to intercept the user's session token
if unencrypted HTTP requests are made to the same domain (CVE-2018-1340).

Apache Guacamole 1.1.0 and older do not properly validate data received from
RDP servers via static virtual channels. If a user connects to a malicious or
compromised RDP server, specially-crafted PDUs could result in disclosure of
information within the memory of the guacd process handling the connection
(CVE-2020-9497).

Apache Guacamole 1.1.0 and older may mishandle pointers involved in processing
data received via RDP static virtual channels. If a user connects to a malicious
or compromised RDP server, a series of specially-crafted PDUs could result in
memory corruption, possibly allowing arbitrary code to be executed with the
privileges of the running guacd process (CVE-2020-9498).

Apache Guacamole 1.2.0 and older do not consistently restrict access to
connection history based on user visibility. If multiple users share access to
the same connection, those users may be able to see which other users have
accessed that connection, as well as the IP addresses from which that connection
was accessed, even if those users do not otherwise have permission to see
other users (CVE-2020-11997).

This is an update of guacd to latest version to fix security issues.
We also updated util-linux and ossp_uuid to make them co installable as
guacd requires ossp_uuid.

References:
- https://bugs.mageia.org/show_bug.cgi?id=28158
- https://bugs.mageia.org/show_bug.cgi?id=24509
- https://bugs.mageia.org/show_bug.cgi?id=27593
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/32RWZPQ7FRP73BVKOQK27XV6TX47TT3R/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WNS7UHBOFV6JHWH5XOEZTE3BREGRSSQ3/
- https://www.openwall.com/lists/oss-security/2021/01/18/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1340
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9497
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9498
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11997

SRPMS:
- 7/core/guacd-1.3.0-1.mga7
- 7/core/util-linux-2.33.2-1.1.mga7
- 7/core/ossp_uuid-1.6.2-21.1.mga7

Mageia 2021-0272: guacd security update

Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token

Summary

Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain (CVE-2018-1340).
Apache Guacamole 1.1.0 and older do not properly validate data received from RDP servers via static virtual channels. If a user connects to a malicious or compromised RDP server, specially-crafted PDUs could result in disclosure of information within the memory of the guacd process handling the connection (CVE-2020-9497).
Apache Guacamole 1.1.0 and older may mishandle pointers involved in processing data received via RDP static virtual channels. If a user connects to a malicious or compromised RDP server, a series of specially-crafted PDUs could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process (CVE-2020-9498).
Apache Guacamole 1.2.0 and older do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users (CVE-2020-11997).
This is an update of guacd to latest version to fix security issues. We also updated util-linux and ossp_uuid to make them co installable as guacd requires ossp_uuid.

References

- https://bugs.mageia.org/show_bug.cgi?id=28158

- https://bugs.mageia.org/show_bug.cgi?id=24509

- https://bugs.mageia.org/show_bug.cgi?id=27593

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/32RWZPQ7FRP73BVKOQK27XV6TX47TT3R/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/WNS7UHBOFV6JHWH5XOEZTE3BREGRSSQ3/

- https://www.openwall.com/lists/oss-security/2021/01/18/1

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1340

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9497

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9498

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11997

Resolution

MGASA-2021-0272 - Updated guacd packages fix security vulnerabilities

SRPMS

- 7/core/guacd-1.3.0-1.mga7

- 7/core/util-linux-2.33.2-1.1.mga7

- 7/core/ossp_uuid-1.6.2-21.1.mga7

Severity
Publication date: 23 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0272.html
Type: security
CVE: CVE-2018-1340, CVE-2020-9497, CVE-2020-9498, CVE-2020-11997

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved