Ripple20 – No Cause for Waves for the Leostream Platform

The Ripple20 vulnerabilities are starting to make waves with Leostream customers and in the world at large. For customers wondering if their Leostream components are subject to the Ripple20 vulnerabilities, allow me to quickly put your mind at ease. 

No Leostream software uses the networking stack related to the Ripple20 vulnerabilities. In addition, your Leostream Connection Brokers and Leostream Gateways are installed on CentOS or Red Hat Enterprise Linux operating systems, which use the native Linux networking stack.

In summary, you’re good!

Want to know more about the vulnerabilities? This blog by JSOF provides detailed information about them, including which vendors are known to be affected and which are known not to be.

Leostream Gateway update resolves vulnerabilities in the HTML5 Viewer

Leostream leverages the Apache Guacamole™ software in our Leostream Gateway. Recently, two vulnerabilities were reported and resolved in that open source software:

CVE-2020-9497

CVE-2020-9498

Leostream Gateway 2.0.0.4 includes an updated version of Guacamole to address these vulnerabilities. All Leostream customers that leverage the Leostream Gateway for HTML5-based connections are encouraged to upgrade to this version.

You can read more in the Leostream release notes.

If you don’t leverage the HTML5 viewer, Leostream still encourages you to upgrade to the latest version, which includes a CLI option to disable Guacamole. Instructions on using the CLI are in the Leostream Gateway Administrator’s Guide.