This issue has been addressed in the following versions of Citrix Secure Access client for Ubuntu:
- 23.5.2 and later releases
Citrix recommends that customers who are affected by the above vulnerability upgrade the Citrix Secure Access client for Ubuntu installed on their endpoints by taking the following actions as soon as possible:
- If Citrix Secure Access client for Ubuntu is distributed via the SSL VPN upgrade control feature of Citrix ADC or Citrix Gateway:
Check the versions of Citrix Secure Access client for Ubuntu that are being distributed by each Citrix ADC or Citrix Gateway instance. This can be done by viewing the file located at /var/netscaler/gui/vpn/scripts/linux/clientversions.xml. If it is a vulnerable version, customers must:
Information about the upgrade control feature is detailed at: https://docs.citrix.com/en-us/citrix-gateway/13/vpn-user-config/how-users-connect-with-gateway-plugin.html#control-upgrade-of-citrix-gateway-plug-ins
- If Citrix Secure Access client is distributed/upgraded directly onto users' devices:
Customers must install the above mentioned fixed client on their users’ devices by downloading them from https://www.citrix.com/downloads/citrix-gateway/plug-ins/Citrix-Gateway-VPN-EPA-Clients-Ubuntu.html