Fedora alert FEDORA-2025-c597fcda32 (guacamole-server)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 41 Update: guacamole-server-1.6.0-1.fc41 | |
| Date: | Fri, 04 Jul 2025 01:08:08 +0000 | |
| Message-ID: | <20250704010808.F2186AEF2C@bastion01.rdu3.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-c597fcda32 2025-07-04 01:07:02.316591+00:00 -------------------------------------------------------------------------------- Name : guacamole-server Product : Fedora 41 Version : 1.6.0 Release : 1.fc41 URL : https://guacamole.apache.org/ Summary : Server-side native components that form the Guacamole proxy Description : Guacamole is an HTML5 remote desktop gateway. Guacamole provides access to desktop environments using remote desktop protocols like VNC and RDP. A centralized server acts as a tunnel and proxy, allowing access to multiple desktops through a web browser. No browser plugins are needed, and no client software needs to be installed. The client requires nothing more than a web browser supporting HTML5 and AJAX. The main web application is provided by the "guacamole-client" package. -------------------------------------------------------------------------------- Update Information: Apache Guacamole 1.6.0 User interface / platform Add the ability to specify separate permissions for “History” and “Active sessions” tabs (GUACAMOLE-538) Support batch import of connections from CSV (GUACAMOLE-926) Add parameter token for connection name (GUACAMOLE-1177) Provide audit log for system modifications (GUACAMOLE-1224) Configurable username case sensitivity (GUACAMOLE-1239) Provide chunked file upload mechanism (GUACAMOLE-1320) Display whether user groups are disabled in group list (GUACAMOLE-1479) Support for true fullscreen mode and keyboard lock (GUACAMOLE-1525) Allow branding/customization of the section headers on the user home page (GUACAMOLE-1584) Add support for specifying VNC “encodings” parameter in webapp UI (GUACAMOLE-1642) Automatically clear view if session expires in background (GUACAMOLE-1744) Base64 encoding of image/binary data results in excessive syscalls that can degrade performance (GUACAMOLE-1776) Update session recording playback progress during large frame gaps (GUACAMOLE-1803) Enable viewing / searching of key events in session recording playback (GUACAMOLE-1820) Improvements to the “Recent connections” section (GUACAMOLE-1866) History Recording Player should indicate points of interest (GUACAMOLE-1876) Enhance client custom field functionality (GUACAMOLE-1904) Provide notification, jump-to-top of page for a clone operation (GUACAMOLE-1916) Bug: Logging of request details fails with recent Tomcat (GUACAMOLE-2052) Authentication, integration, and storage Ensure GUAC_DATE/GUAC_TIME tokens match connection startDate (GUACAMOLE-61) Add Proxy Hostname and Port to LDAP Extension (GUACAMOLE-577) Add webapp support for smart card authentication (GUACAMOLE-839) Enforce rate limit on authentication attempts (GUACAMOLE-990) Broadly configurable time limits for user logins and connection usage (GUACAMOLE-1020) Randomize generation of TOTP key until enrollment is confirmed (GUACAMOLE-1068) Allow TOTP to be disabled by group membership (GUACAMOLE-1219) Update guacamole-auth-duo to “Duo Web v4 SDK” (GUACAMOLE-1289) SAML module should be able to encrypt and sign requests (GUACAMOLE-1372) Allow LDAP extension to configure TLS level (GUACAMOLE-1488) Clarify TOTP reset/status logic (GUACAMOLE-1550) Allow JDBC Auth Extensions to track history for external connections (GUACAMOLE-1616) Allow extraction of “domain” token from vault extensions (GUACAMOLE-1623) Enable more granular vault associations (GUACAMOLE-1629) Allow use of KSM one-time tokens in guacamole-vault-ksm extension (GUACAMOLE-1643) Allow per-user KSM Vault configurations (GUACAMOLE-1656) KSM vault extension should allow searching records by domain (GUACAMOLE-1661) Allow user to configure Keeper Secrets Manager call frequency (GUACAMOLE-1722) Enforce user access windows even when already logged in (GUACAMOLE-1723) Add SSO providers list to UI at most once (GUACAMOLE-1757) Allow TOTP and SAML auth to be used together (GUACAMOLE-1780) Bug: KSM Vault extension doesn’t support private key from “PAM User” record type (GUACAMOLE-1795) Map JWT claims from OpenID Connect as parameter tokens (GUACAMOLE-1844) Allow MFA to be bypassed or enforced based on client IP (GUACAMOLE-1855) Add parameter token for domain of LDAP user (GUACAMOLE-1881) Disable autofill on TOTP verification code field (GUACAMOLE-1946) Provide a comprehensive error message for input exceeding database column (GUACAMOLE-1948) Protocol support / guacd Allow selection of whole words by double-clicking (GUACAMOLE-192) Improve efficiency of streaming complex/large changes (Graphics Pipeline Extension, RemoteFX) (GUACAMOLE-377) Allow specifying connection timeout (GUACAMOLE-600) Add support for FreeRDP 3.0.0 (GUACAMOLE-1026) Bug: Connecting to unpublished RemoteApp results in black screen (GUACAMOLE-1084) Bug: Add support for right modifier keys to SSH/Telnet (GUACAMOLE-1113) Add auto resize to VNC sessions (GUACAMOLE-1196) RemoteApp windows become inaccessible after being minimized (GUACAMOLE-1231) Bug: Lines of file gets broken when navigating back and forth using a text editor (GUACAMOLE-1256) Add option to the vnc protocol to disable remote input (GUACAMOLE-1267) Add support for SSH certificates (GUACAMOLE-1290) Add parameter for specifying known RDP server certificate/fingerprint (GUACAMOLE-1332) Bug: “AltGr” received as “Alt” if remote keyboard layout lacks “AltGr” (GUACAMOLE-1473) Bug: Terminal emulator adds newlines when copying a wrapped line of text (GUACAMOLE-1586) Add small margins to SSH sessions (GUACAMOLE-1622) Bug: Text copied from terminal emulator may incorrectly omit indentation (GUACAMOLE-1632) Add terminal support for alternate screen buffer (GUACAMOLE-1633) Bug: SFTP+VNC broken when built with OpenSSL versions >= 1.1.0 (GUACAMOLE-1652) Clipboard normalization support for SSH connections (GUACAMOLE-1682) Test machine availability when sending Wake-on-LAN packet (GUACAMOLE-1686) Bug: Japanese characters display garbled in terminal when using guacd docker image (GUACAMOLE-1726) Add parameters for VNC compression and quality levels (GUACAMOLE-1760) Terminal protocols should support mac-style cmd+v paste shortcut (GUACAMOLE-1804) Ignore Ctrl+Shift+C within terminal emulator (GUACAMOLE-1805) Allow writing recordings to existing files (GUACAMOLE-1931) Bug: RDP connection fails when microphone input is enabled (GUACAMOLE-1940) Bug: Selected text in SSH is offset from cursor position (GUACAMOLE-1944) Bug: Multiple wheel events per mouse wheel tick (GUACAMOLE-1967) Bug: FreeRDP may invoke EndPaint without BeginPaint as of 3.8.0 (GUACAMOLE-1997) Internationalization Bug: Japanese keyboard layout for RDP incorrect (GUACAMOLE-520) Add support for Canadian french keyboard layout (GUACAMOLE-1312) Update French translations (GUACAMOLE-1611) Fix some typos in italian translation and improve it (GUACAMOLE-1612) Updated czech translation (GUACAMOLE-1664) Updated german translation (GUACAMOLE-1692) Add Czech keyboard layout (GUACAMOLE-1708) Polish translation (GUACAMOLE-1730) Updated czech translation (GUACAMOLE-1758) Add Romanian keymap to RDP protocol (GUACAMOLE-1770) Add Portuguese keymap to RDP protocol (GUACAMOLE-1771) Update the Simplified Chinese translation (GUACAMOLE-1778) Update the Simplified Chinese translation for totp auth extension (GUACAMOLE-1781) Updated czech translation (GUACAMOLE-1792) Bug: Mac Firefox repeats composed characters (GUACAMOLE-1810) Documentation Add missing WEBAPP_CONTEXT variable in docker setup documentation (GUACAMOLE-1680) Document RemoteIPValve to cover IPv4 and IPv6 (GUACAMOLE-1861) General housekeeping and cleanup Provide GuacamoleProperty List Implementations (GUACAMOLE-1006) Expose client state enum values (GUACAMOLE-1402) Guacamole manual: Makefile: find uses non-POSIX arguments (GUACAMOLE-1501) Bug: Phantomjs build issues on ubuntu 22.04 (GUACAMOLE-1614) Remove usage of AccessController (GUACAMOLE-1716) Bug: Correct autoconf issues that result in odd build results (GUACAMOLE-1719) Stop storing unnecessary auth response data in local storage (GUACAMOLE-1721) Bug: Projects outside scope of 1.5.0 fail to build following merge of version number bump (GUACAMOLE-1731) Bug: Projects outside scope of 1.5.1 fail to build following merge of version number bump (GUACAMOLE-1767) Bug: SQLSERVER_BATCH_SIZE defined twice in SQLServerGuacamoleProperties (GUACAMOLE-1789) Bug: Projects outside scope of 1.5.2 fail to build following merge of version number bump (GUACAMOLE-1790) Bug: Projects outside scope of 1.5.3 fail to build following merge of version number bump (GUACAMOLE-1829) Bug: Merge conflict markers left in guacamole-manual source (GUACAMOLE-1833) KSM Vault extension should support new PAM Hostname field type (GUACAMOLE-1868) Align libraries on “Library status” output (GUACAMOLE-1869) Check return values of WebP API functions (GUACAMOLE-1875) Bug: Projects outside scope of 1.5.4 fail to build following merge of version number bump (GUACAMOLE-1887) Bump versions for projects outside the 1.5.5 scope (GUACAMOLE-1915) Add support for FFmpeg 7.0 (GUACAMOLE-1952) Update dependencies to latest stable and compatible versions (GUACAMOLE-1956) Bump versions to 1.6.0 (GUACAMOLE-1980) Bug: Compile error in src/protocols/rdp/channels/rail.c (GUACAMOLE-1982) Upgrade KSM SDK to latest (v16.6.5) (GUACAMOLE-1984) -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 24 2025 Robert Scheck <robert@fedoraproject.org> - 1.6.0-1 - Update to 1.6.0 (#2363860, thanks to W. Michael Petullo) - Add upstream patch for src/libguac/wol.c to fix inet_pton being called with a destination buffer size too small (GUACAMOLE-2087) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2375882 - CVE-2024-35164 guacamole: Apache Guacamole improper input validation https://bugzilla.redhat.com/show_bug.cgi?id=2375882 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-c597fcda32' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
Attachment: None (type=text/plain)
-- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue