{ "schema_version": "1.7.0", "id": "MGASA-2014-0287", "published": "2014-07-08T22:41:00Z", "modified": "2014-07-08T22:40:53Z", "summary": "Updated freerdp packages fix two vulnerabilities", "details": "Updated freerdp packages fix security vulnerabilities:\n\nInteger overflows in memory allocations in client/X11/xf_graphics.c in FreeRDP\nthrough 1.0.2 allows remote RDP servers to have an unspecified impact through\nunspecified vectors (CVE-2014-0250).\n\nInteger overflow in the license_read_scope_list function in\nlibfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers\nto cause a denial of service (application crash) or possibly have unspecified\nother impact via a large ScopeCount value in a Scope List in a Server License\nRequest packet (CVE-2014-0791).\n", "upstream": [ "CVE-2014-0250", "CVE-2014-0791" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2014-0287.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-updates/2014-07/msg00008.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=13444" } ], "affected": [ { "package": { "ecosystem": "Mageia:3", "name": "freerdp", "purl": "pkg:rpm/mageia/freerdp?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "1.0.1-2.1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:4", "name": "freerdp", "purl": "pkg:rpm/mageia/freerdp?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "1.0.2-2.1.mga4" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }