Advisories ยป MGASA-2019-0012

Updated freerdp packages fix security vulnerabilities

Publication date: 05 Jan 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-8784 , CVE-2018-8785 , CVE-2018-8786 , CVE-2018-8787 , CVE-2018-8788 , CVE-2018-8789

Description

Eyal Itkin discovered FreeRDP incorrectly handled certain stream
encodings. A malicious server could use this issue to cause FreeRDP to
crash, resulting in a denial of service, or possibly execute arbitrary
code (CVE-2018-8784, CVE-2018-8785).

Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious
server could use this issue to cause FreeRDP to crash, resulting in a
denial of service, or possibly execute arbitrary code (CVE-2018-8786,
CVE-2018-8787).

Eyal Itkin discovered FreeRDP incorrectly handled certain stream
encodings. A malicious server could use this issue to cause FreeRDP to
crash, resulting in a denial of service, or possibly execute arbitrary
code (CVE-2018-8788).

Eyal Itkin discovered FreeRDP incorrectly handled NTLM authentication. A
malicious server could use this issue to cause FreeRDP to crash,
resulting in a denial of service, or possibly execute arbitrary code
(CVE-2018-8789).
                

References

SRPMS

6/core