Fedora 25 FEDORA-2017-ed31e1f941 Critical: FreeRDP Denial of Service Issues

The xfreerdp Remote Desktop Protocol (RDP) client from the FreeRDP project.

xfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and

VirtualBox.

Update to latest snapshot that contains fixes for the latest Talos discovered

CVEs.

[ 1 ] Bug #1475240 - CVE-2017-2836 freerdp: Rdp Client Read Server Proprietary Certificate Denial of Service

https://bugzilla.redhat.com/show_bug.cgi?id=1475240

[ 2 ] Bug #1475239 - CVE-2017-2837 freerdp: Rdp Client GCC Read Server Security Data Denial of Service

https://bugzilla.redhat.com/show_bug.cgi?id=1475239

[ 3 ] Bug #1475236 - CVE-2017-2838 freerdp: Rdp Client License Read Product Info Denial of Service

https://bugzilla.redhat.com/show_bug.cgi?id=1475236

[ 4 ] Bug #1475234 - CVE-2017-2839 freerdp: Rdp Client License Read Challenge Packet Denial of Service

https://bugzilla.redhat.com/show_bug.cgi?id=1475234

[ 5 ] Bug #1475233 - CVE-2017-2835 freerdp: Out-of-bounds write in rdp_recv_tpkt_pdu

https://bugzilla.redhat.com/show_bug.cgi?id=1475233

[ 6 ] Bug #1475224 - CVE-2017-2834 freerdp: Out-of-bounds write in license_recv()

https://bugzilla.redhat.com/show_bug.cgi?id=1475224

su -c 'dnf upgrade freerdp' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org