Branch p11 update bulletin.

Package guacamole-server updated to version 1.6.0-alt2 for branch p11 in task 393932.

Published: 2025-07-02
Modified: 2025-11-04

CVE-2024-35164

The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.6.0, which fixes this issue.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

https://lists.apache.org/thread/sgs8lplbkrpvd3hrvcnnxh3028h4py70
http://www.openwall.com/lists/oss-security/2025/07/01/2

Version: 2.1.2

Branch p11 update on 2025-12-18

ALT-BU-2025-15893-1

ALT-PU-2025-15675-2

Closed vulnerabilities

CVE-2024-35164