Updated freerdp packages fix security vulnerabilities
Publication date: 05 Jan 2019Modification date: 05 Jan 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-8784 , CVE-2018-8785 , CVE-2018-8786 , CVE-2018-8787 , CVE-2018-8788 , CVE-2018-8789
Description
Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2018-8784, CVE-2018-8785). Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2018-8786, CVE-2018-8787). Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2018-8788). Eyal Itkin discovered FreeRDP incorrectly handled NTLM authentication. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2018-8789).
References
- https://bugs.mageia.org/show_bug.cgi?id=24074
- https://usn.ubuntu.com/3845-1/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8784
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8785
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8786
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8787
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8788
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8789
SRPMS
6/core
- freerdp-2.0.0-0.rc4.1.mga6