U radu više programskih paketa uočen je sigurnosni nedostatak koji omogućava izvođenje DoS napada. Ranjivi paketi su: guacamole-common, libguac-client-vnc, guacamole-ext, guacd, libguac, guacamole-common-js te libguac-client-rdp.
| Paket: | guacamole-common 0.x, guacamole-common-js 0.x, guacamole-ext 0.x, guacd 0.x, libguac 0.x, libguac-client-rdp 0.x, libguac-client-vnc 0.x |
| Operacijski sustavi: | Fedora 16, Fedora 17, Fedora 18 |
| Problem: | preljev međuspremnika |
| Iskorištavanje: | lokalno/udaljeno |
| Posljedica: | uskraćivanje usluga (DoS) |
| Rješenje: | programska zakrpa proizvođača |
| CVE: | CVE-2012-4415 |
| Izvorni ID preporuke: | FEDORA-2012-14097 |
| Izvor: | Fedora |
| Problem: | |
| Problem je uzrokovan nepravilnom obradom ulaza iz "guac" klijentske komponente. |
|
| Posljedica: | |
| Napadač bi mogao iskoristiti propuste za izvršavanje DoS napada. |
|
| Rješenje: | |
| Svim se korisnicima, u svrhu zaštite, savjetuje instalacija nadogradnje. |
|
Izvorni tekst preporuke
-------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-14097
2012-09-17 16:29:05
--------------------------------------------------------------------------------
Name : guacamole-common
Product : Fedora 16
Version : 0.6.1
Release : 2.fc16
URL : http://guac-dev.org/
Summary : The core Java library used by the Guacamole web application
Description :
Guacamole is an HTML5 web application that provides access to desktop
environments using remote desktop protocols such as VNC or RDP. A centralized
server acts as a tunnel and proxy, allowing access to multiple desktops through
a web browser. No plugins are needed: the client requires nothing more than a
web browser supporting HTML5 and AJAX.
guacamole-common is the core Java library used by the Guacamole web application.
guacamole-common provides abstract means of connecting to guacd, interfacing
with the JavaScript client and tunnel provided by guacamole-common-js, and
reading configuration from a standard location (guacamole.properties).
--------------------------------------------------------------------------------
Update Information:
Guacamole C stack rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #856743 - CVE-2012-4415 libguac: Stack-based buffer overflow by
protocol handling in guac client plug-in
https://bugzilla.redhat.com/show_bug.cgi?id=856743
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update guacamole-common' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-14097
2012-09-17 16:29:05
--------------------------------------------------------------------------------
Name : libguac-client-vnc
Product : Fedora 16
Version : 0.6.0
Release : 8.fc16
URL : http://guac-dev.org/
Summary : VNC support for guacd
Description :
Guacamole is an HTML5 web application that provides access to desktop
environments using remote desktop protocols such as VNC or RDP. A centralized
server acts as a tunnel and proxy, allowing access to multiple desktops through
a web browser. No plugins are needed: the client requires nothing more than a
web browser supporting HTML5 and AJAX.
libguac-client-vnc is a plugin for guacd which provides support for VNC via the
libvncclient library (part of libvncserver).
--------------------------------------------------------------------------------
Update Information:
Guacamole C stack rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #856743 - CVE-2012-4415 libguac: Stack-based buffer overflow by
protocol handling in guac client plug-in
https://bugzilla.redhat.com/show_bug.cgi?id=856743
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update libguac-client-vnc' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-14097
2012-09-17 16:29:05
--------------------------------------------------------------------------------
Name : guacamole-ext
Product : Fedora 16
Version : 0.6.1
Release : 2.fc16
URL : http://guac-dev.org/
Summary : Common interfaces for extending the main Guacamole web application
Description :
Guacamole is an HTML5 web application that provides access to desktop
environments using remote desktop protocols such as VNC or RDP. A centralized
server acts as a tunnel and proxy, allowing access to multiple desktops through
a web browser. No plugins are needed: the client requires nothing more than a
web browser supporting HTML5 and AJAX.
guacamole-ext is a Java library used by the Guacamole web application to allow
its built-in functionality, such as authentication, to be extended or modified.
guacamole-ext provides an interface for retrieving a set of authorized
connection configurations for a given set of arbitrary credentials. Classes
implementing this interface can be referenced in guacamole.properties to allow
different authentication mechanisms (such as LDAP or SSL client authentication)
to be used.
--------------------------------------------------------------------------------
Update Information:
Guacamole C stack rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #856743 - CVE-2012-4415 libguac: Stack-based buffer overflow by
protocol handling in guac client plug-in
https://bugzilla.redhat.com/show_bug.cgi?id=856743
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update guacamole-ext' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-14097
2012-09-17 16:29:05
--------------------------------------------------------------------------------
Name : guacd
Product : Fedora 16
Version : 0.6.1
Release : 3.fc16
URL : http://guac-dev.org/
Summary : Proxy daemon for Guacamole
Description :
Guacamole is an HTML5 web application that provides access to desktop
environments using remote desktop protocols such as VNC or RDP. A centralized
server acts as a tunnel and proxy, allowing access to multiple desktops through
a web browser. No plugins are needed: the client requires nothing more than a
web browser supporting HTML5 and AJAX.
guacd is the Guacamole proxy daemon used by the Guacamole web application and
framework to translates between arbitrary protocols and the Guacamole protocol.
--------------------------------------------------------------------------------
Update Information:
Guacamole C stack rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #856743 - CVE-2012-4415 libguac: Stack-based buffer overflow by
protocol handling in guac client plug-in
https://bugzilla.redhat.com/show_bug.cgi?id=856743
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update guacd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-14097
2012-09-17 16:29:05
--------------------------------------------------------------------------------
Name : libguac
Product : Fedora 16
Version : 0.6.3
Release : 1.fc16
URL : http://guac-dev.org/
Summary : The common library used by all C components of Guacamole
Description :
Guacamole is an HTML5 web application that provides access to desktop
environments using remote desktop protocols such as VNC or RDP. A centralized
server acts as a tunnel and proxy, allowing access to multiple desktops through
a web browser. No plugins are needed: the client requires nothing more than a
web browser supporting HTML5 and AJAX.
libguac is the core library for guacd (the Guacamole proxy) and any protocol
support plugins for guacd. libguac provides efficient buffered I/O of text and
base64 data, as well as somewhat abstracted functions for sending Guacamole
instructions.
--------------------------------------------------------------------------------
Update Information:
Guacamole C stack rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #856743 - CVE-2012-4415 libguac: Stack-based buffer overflow by
protocol handling in guac client plug-in
https://bugzilla.redhat.com/show_bug.cgi?id=856743
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update libguac' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-14097
2012-09-17 16:29:05
--------------------------------------------------------------------------------
Name : guacamole-common-js
Product : Fedora 16
Version : 0.6.1
Release : 2.fc16
URL : http://guac-dev.org/
Summary : The JavaScript library used by the Guacamole web application
Description :
Guacamole is an HTML5 web application that provides access to desktop
environments using remote desktop protocols such as VNC or RDP. A centralized
server acts as a tunnel and proxy, allowing access to multiple desktops through
a web browser. No plugins are needed: the client requires nothing more than a
web browser supporting HTML5 and AJAX.
guacamole-common-js is the core JavaScript library used by the Guacamole web
application.
--------------------------------------------------------------------------------
Update Information:
Guacamole C stack rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #856743 - CVE-2012-4415 libguac: Stack-based buffer overflow by
protocol handling in guac client plug-in
https://bugzilla.redhat.com/show_bug.cgi?id=856743
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update guacamole-common-js' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-14179
2012-09-17 16:41:09
--------------------------------------------------------------------------------
Name : guacamole-ext
Product : Fedora 17
Version : 0.6.1
Release : 2.fc17
URL : http://guac-dev.org/
Summary : Common interfaces for extending the main Guacamole web application
Description :
Guacamole is an HTML5 web application that provides access to desktop
environments using remote desktop protocols such as VNC or RDP. A centralized
server acts as a tunnel and proxy, allowing access to multiple desktops through
a web browser. No plugins are needed: the client requires nothing more than a
web browser supporting HTML5 and AJAX.
guacamole-ext is a Java library used by the Guacamole web application to allow
its built-in functionality, such as authentication, to be extended or modified.
guacamole-ext provides an interface for retrieving a set of authorized
connection configurations for a given set of arbitrary credentials. Classes
implementing this interface can be referenced in guacamole.properties to allow
different authentication mechanisms (such as LDAP or SSL client authentication)
to be used.
--------------------------------------------------------------------------------
Update Information:
Guacamole C stack rebuild
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #856743 - CVE-2012-4415 libguac: Stack-based buffer overflow by
protocol handling in guac client plug-in
https://bugzilla.redhat.com/show_bug.cgi?id=856743
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update guacamole-ext' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-14179
2012-09-17 16:41:09
--------------------------------------------------------------------------------
Name : guacamole-common-js
Product : Fedora 17
Version : 0.6.1
Release : 2.fc17
URL : http://guac-dev.org/
Summary : The JavaScript library used by the Guacamole web application
Description :
Guacamole is an HTML5 web application that provides access to desktop
environments using remote desktop protocols such as VNC or RDP. A centralized
server acts as a tunnel and proxy, allowing access to multiple desktops through
a web browser. No plugins are needed: the client requires nothing more than a
web browser supporting HTML5 and AJAX.
guacamole-common-js is the core JavaScript library used by the Guacamole web
application.
--------------------------------------------------------------------------------
Update Information:
Guacamole C stack rebuild
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #856743 - CVE-2012-4415 libguac: Stack-based buffer overflow by
protocol handling in guac client plug-in
https://bugzilla.redhat.com/show_bug.cgi?id=856743
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update guacamole-common-js' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-14179
2012-09-17 16:41:09
--------------------------------------------------------------------------------
Name : libguac-client-vnc
Product : Fedora 17
Version : 0.6.0
Release : 8.fc17
URL : http://guac-dev.org/
Summary : VNC support for guacd
Description :
Guacamole is an HTML5 web application that provides access to desktop
environments using remote desktop protocols such as VNC or RDP. A centralized
server acts as a tunnel and proxy, allowing access to multiple desktops through
a web browser. No plugins are needed: the client requires nothing more than a
web browser supporting HTML5 and AJAX.
libguac-client-vnc is a plugin for guacd which provides support for VNC via the
libvncclient library (part of libvncserver).
--------------------------------------------------------------------------------
Update Information:
Guacamole C stack rebuild
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #856743 - CVE-2012-4415 libguac: Stack-based buffer overflow by
protocol handling in guac client plug-in
https://bugzilla.redhat.com/show_bug.cgi?id=856743
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update libguac-client-vnc' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-14179
2012-09-17 16:41:09
--------------------------------------------------------------------------------
Name : libguac
Product : Fedora 17
Version : 0.6.3
Release : 1.fc17
URL : http://guac-dev.org/
Summary : The common library used by all C components of Guacamole
Description :
Guacamole is an HTML5 web application that provides access to desktop
environments using remote desktop protocols such as VNC or RDP. A centralized
server acts as a tunnel and proxy, allowing access to multiple desktops through
a web browser. No plugins are needed: the client requires nothing more than a
web browser supporting HTML5 and AJAX.
libguac is the core library for guacd (the Guacamole proxy) and any protocol
support plugins for guacd. libguac provides efficient buffered I/O of text and
base64 data, as well as somewhat abstracted functions for sending Guacamole
instructions.
--------------------------------------------------------------------------------
Update Information:
Guacamole C stack rebuild
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #856743 - CVE-2012-4415 libguac: Stack-based buffer overflow by
protocol handling in guac client plug-in
https://bugzilla.redhat.com/show_bug.cgi?id=856743
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update libguac' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-14179
2012-09-17 16:41:09
--------------------------------------------------------------------------------
Name : libguac-client-rdp
Product : Fedora 17
Version : 0.6.1
Release : 2.fc17
URL : http://guac-dev.org/
Summary : RDP support for guacd
Description :
Guacamole is an HTML5 web application that provides access to desktop
environments using remote desktop protocols such as VNC or RDP. A centralized
server acts as a tunnel and proxy, allowing access to multiple desktops through
a web browser. No plugins are needed: the client requires nothing more than a
web browser supporting HTML5 and AJAX.
libguac-client-rdp is a plugin for guacd which provides support for RDP
via the FreeRDP library.
--------------------------------------------------------------------------------
Update Information:
Guacamole C stack rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #856743 - CVE-2012-4415 libguac: Stack-based buffer overflow by
protocol handling in guac client plug-in
https://bugzilla.redhat.com/show_bug.cgi?id=856743
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update libguac-client-rdp' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-14179
2012-09-17 16:41:09
--------------------------------------------------------------------------------
Name : guacd
Product : Fedora 17
Version : 0.6.1
Release : 3.fc17
URL : http://guac-dev.org/
Summary : Proxy daemon for Guacamole
Description :
Guacamole is an HTML5 web application that provides access to desktop
environments using remote desktop protocols such as VNC or RDP. A centralized
server acts as a tunnel and proxy, allowing access to multiple desktops through
a web browser. No plugins are needed: the client requires nothing more than a
web browser supporting HTML5 and AJAX.
guacd is the Guacamole proxy daemon used by the Guacamole web application and
framework to translates between arbitrary protocols and the Guacamole protocol.
--------------------------------------------------------------------------------
Update Information:
Guacamole C stack rebuild
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #856743 - CVE-2012-4415 libguac: Stack-based buffer overflow by
protocol handling in guac client plug-in
https://bugzilla.redhat.com/show_bug.cgi?id=856743
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update guacd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-14179
2012-09-17 16:41:09
--------------------------------------------------------------------------------
Name : guacamole-common
Product : Fedora 17
Version : 0.6.1
Release : 2.fc17
URL : http://guac-dev.org/
Summary : The core Java library used by the Guacamole web application
Description :
Guacamole is an HTML5 web application that provides access to desktop
environments using remote desktop protocols such as VNC or RDP. A centralized
server acts as a tunnel and proxy, allowing access to multiple desktops through
a web browser. No plugins are needed: the client requires nothing more than a
web browser supporting HTML5 and AJAX.
guacamole-common is the core Java library used by the Guacamole web application.
guacamole-common provides abstract means of connecting to guacd, interfacing
with the JavaScript client and tunnel provided by guacamole-common-js, and
reading configuration from a standard location (guacamole.properties).
--------------------------------------------------------------------------------
Update Information:
Guacamole C stack rebuild
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #856743 - CVE-2012-4415 libguac: Stack-based buffer overflow by
protocol handling in guac client plug-in
https://bugzilla.redhat.com/show_bug.cgi?id=856743
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update guacamole-common' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Posljednje sigurnosne preporuke