
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Fedora 41: Critical Input Validation Vulnerability in guacamole-server

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c597fcda32
2025-07-04 01:07:02.316591+00:00
--------------------------------------------------------------------------------

Name        : guacamole-server
Product     : Fedora 41
Version     : 1.6.0
Release     : 1.fc41
URL         : https://guacamole.apache.org/
Summary     : Server-side native components that form the Guacamole proxy
Description :
Guacamole is an HTML5 remote desktop gateway. Guacamole provides access to desktop environments using remote desktop protocols like VNC and RDP. A centralized server acts as a tunnel and proxy, allowing access to multiple desktops through a web browser. No browser plugins are needed, and no client software needs to be installed. The client requires nothing more than a web browser supporting HTML5 and AJAX. The main web application is provided by the "guacamole-client" package.

--------------------------------------------------------------------------------
Update Information:

Apache Guacamole 1.6.0

User interface / platform

- Add the ability to specify separate permissions for “History” and “Active sessions” tabs (GUACAMOLE-538)
- Support batch import of connections from CSV (GUACAMOLE-926)
- Add parameter token for connection name (GUACAMOLE-1177)
- Provide audit log for system modifications (GUACAMOLE-1224)
- Configurable username case sensitivity (GUACAMOLE-1239)
- Provide chunked file upload mechanism (GUACAMOLE-1320)
- Display whether user groups are disabled in group list (GUACAMOLE-1479)
- Support for true fullscreen mode and keyboard lock (GUACAMOLE-1525)
- Allow branding/customization of the section headers on the user home page (GUACAMOLE-1584)
- Add support for specifying VNC “encodings” parameter in webapp UI (GUACAMOLE-1642)
- Automatically clear view if session expires in background (GUACAMOLE-1744)
- Base64 encoding of image/binary data results in excessive syscalls that can degrade performance (GUACAMOLE-1776)
- Update session recording playback progress during large frame gaps (GUACAMOLE-1803)
- Enable viewing / searching of key events in session recording playback (GUACAMOLE-1820)
- Improvements to the “Recent connections” section (GUACAMOLE-1866)
- History Recording Player should indicate points of interest (GUACAMOLE-1876)
- Enhance client custom field functionality (GUACAMOLE-1904)
- Provide notification, jump-to-top of page for a clone operation (GUACAMOLE-1916)
- Bug: Logging of request details fails with recent Tomcat (GUACAMOLE-2052)

Authentication, integration, and storage

- Ensure GUAC_DATE/GUAC_TIME tokens match connection startDate (GUACAMOLE-61)
- Add Proxy Hostname and Port to LDAP Extension (GUACAMOLE-577)
- Add webapp support for smart card authentication (GUACAMOLE-839)
- Enforce rate limit on authentication attempts (GUACAMOLE-990)
- Broadly configurable time limits for user logins and connection usage (GUACAMOLE-1020)
- Randomize generation of TOTP key until enrollment is confirmed (GUACAMOLE-1068)
- Allow TOTP to be disabled by group membership (GUACAMOLE-1219)
- Update guacamole-auth-duo to “Duo Web v4 SDK” (GUACAMOLE-1289)
- SAML module should be able to encrypt and sign requests (GUACAMOLE-1372)
- Allow LDAP extension to configure TLS level (GUACAMOLE-1488)
- Clarify TOTP reset/status logic (GUACAMOLE-1550)
- Allow JDBC Auth Extensions to track history for external connections (GUACAMOLE-1616)
- Allow extraction of “domain” token from vault extensions (GUACAMOLE-1623)
- Enable more granular vault associations (GUACAMOLE-1629)
- Allow use of KSM one-time tokens in guacamole-vault-ksm extension (GUACAMOLE-1643)
- Allow per-user KSM Vault configurations (GUACAMOLE-1656)
- KSM vault extension should allow searching records by domain (GUACAMOLE-1661)
- Allow user to configure Keeper Secrets Manager call frequency (GUACAMOLE-1722)
- Enforce user access windows even when already logged in (GUACAMOLE-1723)
- Add SSO providers list to UI at most once (GUACAMOLE-1757)
- Allow TOTP and SAML auth to be used together (GUACAMOLE-1780)
- Bug: KSM Vault extension doesn’t support private key from “PAM User” record type (GUACAMOLE-1795)
- Map JWT claims from OpenID Connect as parameter tokens (GUACAMOLE-1844)
- Allow MFA to be bypassed or enforced based on client IP (GUACAMOLE-1855)
- Add parameter token for domain of LDAP user (GUACAMOLE-1881)
- Disable autofill on TOTP verification code field (GUACAMOLE-1946)
- Provide a comprehensive error message for input exceeding database column (GUACAMOLE-1948)

Protocol support / guacd

- Allow selection of whole words by double-clicking (GUACAMOLE-192)
- Improve efficiency of streaming complex/large changes (Graphics Pipeline Extension, RemoteFX) (GUACAMOLE-377)
- Allow specifying connection timeout (GUACAMOLE-600)
- Add support for FreeRDP 3.0.0 (GUACAMOLE-1026)
- Bug: Connecting to unpublished RemoteApp results in black screen (GUACAMOLE-1084)
- Bug: Add support for right modifier keys to SSH/Telnet (GUACAMOLE-1113)
- Add auto resize to VNC sessions (GUACAMOLE-1196)
- RemoteApp windows become inaccessible after being minimized (GUACAMOLE-1231)
- Bug: Lines of file gets broken when navigating back and forth using a text editor (GUACAMOLE-1256)
- Add option to the vnc protocol to disable remote input (GUACAMOLE-1267)
- Add support for SSH certificates (GUACAMOLE-1290)
- Add parameter for specifying known RDP server certificate/fingerprint (GUACAMOLE-1332)
- Bug: “AltGr” received as “Alt” if remote keyboard layout lacks “AltGr” (GUACAMOLE-1473)
- Bug: Terminal emulator adds newlines when copying a wrapped line of text (GUACAMOLE-1586)
- Add small margins to SSH sessions (GUACAMOLE-1622)
- Bug: Text copied from terminal emulator may incorrectly omit indentation (GUACAMOLE-1632)
- Add terminal support for alternate screen buffer (GUACAMOLE-1633)
- Bug: SFTP+VNC broken when built with OpenSSL versions >= 1.1.0 (GUACAMOLE-1652)
- Clipboard normalization support for SSH connections (GUACAMOLE-1682)
- Test machine availability when sending Wake-on-LAN packet (GUACAMOLE-1686)
- Bug: Japanese characters display garbled in terminal when using guacd docker image (GUACAMOLE-1726)
- Add parameters for VNC compression and quality levels (GUACAMOLE-1760)
- Terminal protocols should support mac-style cmd+v paste shortcut (GUACAMOLE-1804)
- Ignore Ctrl+Shift+C within terminal emulator (GUACAMOLE-1805)
- Allow writing recordings to existing files (GUACAMOLE-1931)
- Bug: RDP connection fails when microphone input is enabled (GUACAMOLE-1940)
- Bug: Selected text in SSH is offset from cursor position (GUACAMOLE-1944)
- Bug: Multiple wheel events per mouse wheel tick (GUACAMOLE-1967)
- Bug: FreeRDP may invoke EndPaint without BeginPaint as of 3.8.0 (GUACAMOLE-1997)

Internationalization

- Bug: Japanese keyboard layout for RDP incorrect (GUACAMOLE-520)
- Add support for Canadian french keyboard layout (GUACAMOLE-1312)
- Update French translations (GUACAMOLE-1611)
- Fix some typos in italian translation and improve it (GUACAMOLE-1612)
- Updated czech translation (GUACAMOLE-1664)
- Updated german translation (GUACAMOLE-1692)
- Add Czech keyboard layout (GUACAMOLE-1708)
- Polish translation (GUACAMOLE-1730)
- Updated czech translation (GUACAMOLE-1758)
- Add Romanian keymap to RDP protocol (GUACAMOLE-1770)
- Add Portuguese keymap to RDP protocol (GUACAMOLE-1771)
- Update the Simplified Chinese translation (GUACAMOLE-1778)
- Update the Simplified Chinese translation for totp auth extension (GUACAMOLE-1781)
- Updated czech translation (GUACAMOLE-1792)
- Bug: Mac Firefox repeats composed characters (GUACAMOLE-1810)

Documentation

- Add missing WEBAPP_CONTEXT variable in docker setup documentation (GUACAMOLE-1680)
- Document RemoteIPValve to cover IPv4 and IPv6 (GUACAMOLE-1861)

General housekeeping and cleanup

- Provide GuacamoleProperty List Implementations (GUACAMOLE-1006)
- Expose client state enum values (GUACAMOLE-1402)
- Guacamole manual: Makefile: find uses non-POSIX arguments (GUACAMOLE-1501)
- Bug: Phantomjs build issues on ubuntu 22.04 (GUACAMOLE-1614)
- Remove usage of AccessController (GUACAMOLE-1716)
- Bug: Correct autoconf issues that result in odd build results (GUACAMOLE-1719)
- Stop storing unnecessary auth response data in local storage (GUACAMOLE-1721)
- Bug: Projects outside scope of 1.5.0 fail to build following merge of version number bump (GUACAMOLE-1731)
- Bug: Projects outside scope of 1.5.1 fail to build following merge of version number bump (GUACAMOLE-1767)
- Bug: SQLSERVER_BATCH_SIZE defined twice in SQLServerGuacamoleProperties (GUACAMOLE-1789)
- Bug: Projects outside scope of 1.5.2 fail to build following merge of version number bump (GUACAMOLE-1790)
- Bug: Projects outside scope of 1.5.3 fail to build following merge of version number bump (GUACAMOLE-1829)
- Bug: Merge conflict markers left in guacamole-manual source (GUACAMOLE-1833)
- KSM Vault extension should support new PAM Hostname field type (GUACAMOLE-1868)
- Align libraries on “Library status” output (GUACAMOLE-1869)
- Check return values of WebP API functions (GUACAMOLE-1875)
- Bug: Projects outside scope of 1.5.4 fail to build following merge of version number bump (GUACAMOLE-1887)
- Bump versions for projects outside the 1.5.5 scope (GUACAMOLE-1915)
- Add support for FFmpeg 7.0 (GUACAMOLE-1952)
- Update dependencies to latest stable and compatible versions (GUACAMOLE-1956)
- Bump versions to 1.6.0 (GUACAMOLE-1980)
- Bug: Compile error in src/protocols/rdp/channels/rail.c (GUACAMOLE-1982)
- Upgrade KSM SDK to latest (v16.6.5) (GUACAMOLE-1984)

--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 24 2025 Robert Scheck - 1.6.0-1
- Update to 1.6.0 (#2363860, thanks to W. Michael Petullo)
- Add upstream patch for src/libguac/wol.c to fix inet_pton being called with a destination buffer size too small (GUACAMOLE-2087)

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2375882 - CVE-2024-35164 guacamole: Apache Guacamole improper input validation
        https://bugzilla.redhat.com/show_bug.cgi?id=2375882

--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c597fcda32' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys

--------------------------------------------------------------------------------

The latest guacamole-server update in Fedora 41 brings essential security improvements aimed at input validation flaws, urging prompt upgrades for better attack defense.

Severity: Critical. LinuxSecurity.com Team

Jul 04, 2025 Critical Fedora