Advisories » MGASA-2014-0287

Updated freerdp packages fix two vulnerabilities

Publication date: 08 Jul 2014
Modification date: 08 Jul 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-0250 , CVE-2014-0791

Description

Updated freerdp packages fix security vulnerabilities:

Integer overflows in memory allocations in client/X11/xf_graphics.c in FreeRDP
through 1.0.2 allows remote RDP servers to have an unspecified impact through
unspecified vectors (CVE-2014-0250).

Integer overflow in the license_read_scope_list function in
libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers
to cause a denial of service (application crash) or possibly have unspecified
other impact via a large ScopeCount value in a Scope List in a Server License
Request packet (CVE-2014-0791).
                

References

• http://lists.opensuse.org/opensuse-updates/2014-07/msg00008.html
• https://bugs.mageia.org/show_bug.cgi?id=13444
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0250
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0791

SRPMS

3/core

• freerdp-1.0.1-2.1.mga3

4/core

• freerdp-1.0.2-2.1.mga4