Format: 1.8
Date: Fri, 06 Nov 2020 22:44:56 +0100
Source: guacamole-server
Binary: libguac-dev guacd libguac-client-rdp0 libguac-client-ssh0 libguac-client-vnc0 libguac-client-telnet0 libguac11
Architecture: source
Version: 0.9.9-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Remote Maintainers <pkg-remote-team@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 guacd - HTML5 web application for accessing remote desktops (proxy daemon
 libguac-client-rdp0 - HTML5 web application for accessing remote desktops (RDP support)
 libguac-client-ssh0 - HTML5 web application for accessing remote desktops (SSH support)
 libguac-client-telnet0 - HTML5 web application for accessing remote desktops (Telnet suppo
 libguac-client-vnc0 - HTML5 web application for accessing remote desktops (VNC support)
 libguac-dev - Guacamole proxy daemon (core library headers)
 libguac11 - HTML5 web application for accessing remote desktops (library)
Changes:
 guacamole-server (0.9.9-2+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2020-9498: Apache Guacamole may mishandle pointers involved in
     processing data received via RDP static virtual channels. If a user
     connects to a malicious or compromised RDP server, a series of
     specially-crafted PDUs could result in memory corruption, possibly
     allowing arbitrary code to be executed with the privileges of the
     running guacd process.
   * Fix CVE-2020-9497: Apache Guacamole does not properly validate data
     received from RDP servers via static virtual channels. If a user
     connects to a malicious or compromised RDP server, specially-crafted
     PDUs could result in disclosure of information within the memory of
     the guacd process handling the connection.