Advisories ยป MGASA-2019-0041

Updated rdesktop package fixes security vulnerabilities

Publication date: 18 Jan 2019
Modification date: 18 Jan 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-8794 , CVE-2018-8795 , CVE-2018-8797 , CVE-2018-20175 , CVE-2018-20175 , CVE-2018-20176 , CVE-2018-20176 , CVE-2018-8791 , CVE-2018-8792 , CVE-2018-8793 , CVE-2018-8796 , CVE-2018-8798 , CVE-2018-8799 , CVE-2018-8800 , CVE-2018-20174 , CVE-2018-20177 , CVE-2018-20178 , CVE-2018-20179 , CVE-2018-20180 , CVE-2018-20181 , CVE-2018-20182

Description

rdesktop has been updated to fix multiple CVE's.
Fix memory corruption in process_bitmap_data - CVE-2018-8794
Fix remote code execution in process_bitmap_data - CVE-2018-8795
Fix remote code execution in process_plane - CVE-2018-8797
Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175
Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175
Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176
Fix Denial of Service in sec_recv - CVE-2018-20176
Fix minor information leak in rdpdr_process - CVE-2018-8791
Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792
Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793
Fix Denial of Service in process_bitmap_data - CVE-2018-8796
Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798
Fix Denial of Service in process_secondary_order - CVE-2018-8799
Fix remote code execution in in ui_clip_handle_data - CVE-2018-8800
Fix major information leak in ui_clip_handle_data - CVE-2018-20174
Fix memory corruption in rdp_in_unistr - CVE-2018-20177
Fix Denial of Service in process_demand_active - CVE-2018-20178
Fix remote code execution in lspci_process - CVE-2018-20179
Fix remote code execution in rdpsnddbg_process - CVE-2018-20180
Fix remote code execution in seamless_process - CVE-2018-20181
Fix remote code execution in seamless_process_line - CVE-2018-20182

References

SRPMS

6/core