--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2019-5146cd34e2
2019-02-13 06:14:17.450086
--------------------------------------------------------------------------------Name        : rdesktop
Product     : Fedora 28
Version     : 1.8.4
Release     : 2.fc28
URL         : http://www.rdesktop.org/
Summary     : X client for remote desktop into Windows Terminal Server
Description :
rdesktop is an open source client for Windows NT Terminal Server and
Windows 2000 & 2003 Terminal Services, capable of natively speaking
Remote Desktop Protocol (RDP) in order to present the user's NT
desktop. Unlike Citrix ICA, no server extensions are required.

--------------------------------------------------------------------------------Update Information:

Update to 1.8.4.  Security fix for CVE-2018-8794 CVE-2018-8795 CVE-2018-8797
CVE-2018-20175 CVE-2018-20176 CVE-2018-8791 CVE-2018-8792 CVE-2018-8793
CVE-2018-8796 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800 CVE-2018-20174
CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181
CVE-2018-20182.
--------------------------------------------------------------------------------ChangeLog:

* Tue Jan 29 2019 Charles R. Anderson  - 1.8.4-2
- Escape macros in comments
- 1.8.4 release security fixes rhbz#1670427:
  CVE-2018-8794 CVE-2018-8795 CVE-2018-8797 CVE-2018-20175 CVE-2018-20176
  CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8796 CVE-2018-8798
  CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20177 CVE-2018-20178
  CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182
* Sat Jan 26 2019 Charles R. Anderson  - 1.8.4-1
- Update to 1.8.4 release
* Fri Nov 30 2018 Charles R. Anderson  - 1.8.4-0.1
- Update to git master
* Sat Jul 14 2018 Fedora Release Engineering  - 1.8.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb  9 2018 Fedora Release Engineering  - 1.8.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug  3 2017 Fedora Release Engineering  - 1.8.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering  - 1.8.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering  - 1.8.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
--------------------------------------------------------------------------------References:

  [ 1 ] Bug #1670425 - CVE-2018-20182 rdesktop: Remote code execution in seamless_process_line
        https://bugzilla.redhat.com/show_bug.cgi?id=1670425
  [ 2 ] Bug #1670424 - CVE-2018-20181 rdesktop: Remote code execution in seamless_process
        https://bugzilla.redhat.com/show_bug.cgi?id=1670424
  [ 3 ] Bug #1670423 - CVE-2018-20180 rdesktop: Remote code execution in rdpsnddbg_process
        https://bugzilla.redhat.com/show_bug.cgi?id=1670423
  [ 4 ] Bug #1670422 - CVE-2018-20179 rdesktop: Remote code execution in lspci_process
        https://bugzilla.redhat.com/show_bug.cgi?id=1670422
  [ 5 ] Bug #1670417 - CVE-2018-20178 rdesktop: Denial of Service in process_demand_active
        https://bugzilla.redhat.com/show_bug.cgi?id=1670417
  [ 6 ] Bug #1670416 - CVE-2018-20177 rdesktop: Memory corruption in rdp_in_unistr
        https://bugzilla.redhat.com/show_bug.cgi?id=1670416
  [ 7 ] Bug #1670413 - CVE-2018-20174 rdesktop: Information leak in ui_clip_handle_data
        https://bugzilla.redhat.com/show_bug.cgi?id=1670413
  [ 8 ] Bug #1670412 - CVE-2018-8800 rdesktop: Remote code execution in ui_clip_handle_data
        https://bugzilla.redhat.com/show_bug.cgi?id=1670412
  [ 9 ] Bug #1670410 - CVE-2018-8799 rdesktop: Denial of Service in process_secondary_order
        https://bugzilla.redhat.com/show_bug.cgi?id=1670410
  [ 10 ] Bug #1670409 - CVE-2018-8798 rdesktop: Minor information leak in rdpsnd_process_ping
        https://bugzilla.redhat.com/show_bug.cgi?id=1670409
  [ 11 ] Bug #1670408 - CVE-2018-8796 rdesktop: Denial of Service in process_bitmap_data
        https://bugzilla.redhat.com/show_bug.cgi?id=1670408
  [ 12 ] Bug #1670406 - CVE-2018-8793 rdesktop: Remote code execution in cssp_read_tsrequest
        https://bugzilla.redhat.com/show_bug.cgi?id=1670406
  [ 13 ] Bug #1670404 - CVE-2018-8792 rdesktop: Denial of Service in cssp_read_tsrequest
        https://bugzilla.redhat.com/show_bug.cgi?id=1670404
  [ 14 ] Bug #1670403 - CVE-2018-8791 rdesktop: Minor information leak in rdpdr_process
        https://bugzilla.redhat.com/show_bug.cgi?id=1670403
  [ 15 ] Bug #1670401 - CVE-2018-20176 rdesktop: Denial of Service in sec_parse_crypt_info and sec_recv
        https://bugzilla.redhat.com/show_bug.cgi?id=1670401
  [ 16 ] Bug #1670400 - CVE-2018-20175 rdesktop: Denial of Service in mcs_recv_connect_response and mcs_parse_domain_params
        https://bugzilla.redhat.com/show_bug.cgi?id=1670400
  [ 17 ] Bug #1670393 - CVE-2018-8797 rdesktop: Remote code execution in process_plane
        https://bugzilla.redhat.com/show_bug.cgi?id=1670393
  [ 18 ] Bug #1670392 - CVE-2018-8795 rdesktop: Remote code execution in process_bitmap_data
        https://bugzilla.redhat.com/show_bug.cgi?id=1670392
  [ 19 ] Bug #1670384 - CVE-2018-8794 rdesktop: Memory corruption in process_bitmap_data
        https://bugzilla.redhat.com/show_bug.cgi?id=1670384
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-5146cd34e2' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Fedora 28: rdesktop Security Update

February 13, 2019
Update to 1.8.4

Summary

rdesktop is an open source client for Windows NT Terminal Server and

Windows 2000 & 2003 Terminal Services, capable of natively speaking

Remote Desktop Protocol (RDP) in order to present the user's NT

desktop. Unlike Citrix ICA, no server extensions are required.

Update to 1.8.4. Security fix for CVE-2018-8794 CVE-2018-8795 CVE-2018-8797

CVE-2018-20175 CVE-2018-20176 CVE-2018-8791 CVE-2018-8792 CVE-2018-8793

CVE-2018-8796 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800 CVE-2018-20174

CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181

CVE-2018-20182.

* Tue Jan 29 2019 Charles R. Anderson - 1.8.4-2

- Escape macros in comments

- 1.8.4 release security fixes rhbz#1670427:

CVE-2018-8794 CVE-2018-8795 CVE-2018-8797 CVE-2018-20175 CVE-2018-20176

CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8796 CVE-2018-8798

CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20177 CVE-2018-20178

CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182

* Sat Jan 26 2019 Charles R. Anderson - 1.8.4-1

- Update to 1.8.4 release

* Fri Nov 30 2018 Charles R. Anderson - 1.8.4-0.1

- Update to git master

* Sat Jul 14 2018 Fedora Release Engineering - 1.8.3-8

- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Fri Feb 9 2018 Fedora Release Engineering - 1.8.3-7

- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Thu Aug 3 2017 Fedora Release Engineering - 1.8.3-6

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

* Thu Jul 27 2017 Fedora Release Engineering - 1.8.3-5

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

* Sat Feb 11 2017 Fedora Release Engineering - 1.8.3-4

- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

[ 1 ] Bug #1670425 - CVE-2018-20182 rdesktop: Remote code execution in seamless_process_line

https://bugzilla.redhat.com/show_bug.cgi?id=1670425

[ 2 ] Bug #1670424 - CVE-2018-20181 rdesktop: Remote code execution in seamless_process

https://bugzilla.redhat.com/show_bug.cgi?id=1670424

[ 3 ] Bug #1670423 - CVE-2018-20180 rdesktop: Remote code execution in rdpsnddbg_process

https://bugzilla.redhat.com/show_bug.cgi?id=1670423

[ 4 ] Bug #1670422 - CVE-2018-20179 rdesktop: Remote code execution in lspci_process

https://bugzilla.redhat.com/show_bug.cgi?id=1670422

[ 5 ] Bug #1670417 - CVE-2018-20178 rdesktop: Denial of Service in process_demand_active

https://bugzilla.redhat.com/show_bug.cgi?id=1670417

[ 6 ] Bug #1670416 - CVE-2018-20177 rdesktop: Memory corruption in rdp_in_unistr

https://bugzilla.redhat.com/show_bug.cgi?id=1670416

[ 7 ] Bug #1670413 - CVE-2018-20174 rdesktop: Information leak in ui_clip_handle_data

https://bugzilla.redhat.com/show_bug.cgi?id=1670413

[ 8 ] Bug #1670412 - CVE-2018-8800 rdesktop: Remote code execution in ui_clip_handle_data

https://bugzilla.redhat.com/show_bug.cgi?id=1670412

[ 9 ] Bug #1670410 - CVE-2018-8799 rdesktop: Denial of Service in process_secondary_order

https://bugzilla.redhat.com/show_bug.cgi?id=1670410

[ 10 ] Bug #1670409 - CVE-2018-8798 rdesktop: Minor information leak in rdpsnd_process_ping

https://bugzilla.redhat.com/show_bug.cgi?id=1670409

[ 11 ] Bug #1670408 - CVE-2018-8796 rdesktop: Denial of Service in process_bitmap_data

https://bugzilla.redhat.com/show_bug.cgi?id=1670408

[ 12 ] Bug #1670406 - CVE-2018-8793 rdesktop: Remote code execution in cssp_read_tsrequest

https://bugzilla.redhat.com/show_bug.cgi?id=1670406

[ 13 ] Bug #1670404 - CVE-2018-8792 rdesktop: Denial of Service in cssp_read_tsrequest

https://bugzilla.redhat.com/show_bug.cgi?id=1670404

[ 14 ] Bug #1670403 - CVE-2018-8791 rdesktop: Minor information leak in rdpdr_process

https://bugzilla.redhat.com/show_bug.cgi?id=1670403

[ 15 ] Bug #1670401 - CVE-2018-20176 rdesktop: Denial of Service in sec_parse_crypt_info and sec_recv

https://bugzilla.redhat.com/show_bug.cgi?id=1670401

[ 16 ] Bug #1670400 - CVE-2018-20175 rdesktop: Denial of Service in mcs_recv_connect_response and mcs_parse_domain_params

https://bugzilla.redhat.com/show_bug.cgi?id=1670400

[ 17 ] Bug #1670393 - CVE-2018-8797 rdesktop: Remote code execution in process_plane

https://bugzilla.redhat.com/show_bug.cgi?id=1670393

[ 18 ] Bug #1670392 - CVE-2018-8795 rdesktop: Remote code execution in process_bitmap_data

https://bugzilla.redhat.com/show_bug.cgi?id=1670392

[ 19 ] Bug #1670384 - CVE-2018-8794 rdesktop: Memory corruption in process_bitmap_data

https://bugzilla.redhat.com/show_bug.cgi?id=1670384

su -c 'dnf upgrade --advisory FEDORA-2019-5146cd34e2' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

FEDORA-2019-5146cd34e2 2019-02-13 06:14:17.450086 Product : Fedora 28 Version : 1.8.4 Release : 2.fc28 URL : http://www.rdesktop.org/ Summary : X client for remote desktop into Windows Terminal Server Description : rdesktop is an open source client for Windows NT Terminal Server and Windows 2000 & 2003 Terminal Services, capable of natively speaking Remote Desktop Protocol (RDP) in order to present the user's NT desktop. Unlike Citrix ICA, no server extensions are required. Update to 1.8.4. Security fix for CVE-2018-8794 CVE-2018-8795 CVE-2018-8797 CVE-2018-20175 CVE-2018-20176 CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8796 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182. * Tue Jan 29 2019 Charles R. Anderson - 1.8.4-2 - Escape macros in comments - 1.8.4 release security fixes rhbz#1670427: CVE-2018-8794 CVE-2018-8795 CVE-2018-8797 CVE-2018-20175 CVE-2018-20176 CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8796 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182 * Sat Jan 26 2019 Charles R. Anderson - 1.8.4-1 - Update to 1.8.4 release * Fri Nov 30 2018 Charles R. Anderson - 1.8.4-0.1 - Update to git master * Sat Jul 14 2018 Fedora Release Engineering - 1.8.3-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Fri Feb 9 2018 Fedora Release Engineering - 1.8.3-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Aug 3 2017 Fedora Release Engineering - 1.8.3-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Thu Jul 27 2017 Fedora Release Engineering - 1.8.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Sat Feb 11 2017 Fedora Release Engineering - 1.8.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [ 1 ] Bug #1670425 - CVE-2018-20182 rdesktop: Remote code execution in seamless_process_line https://bugzilla.redhat.com/show_bug.cgi?id=1670425 [ 2 ] Bug #1670424 - CVE-2018-20181 rdesktop: Remote code execution in seamless_process https://bugzilla.redhat.com/show_bug.cgi?id=1670424 [ 3 ] Bug #1670423 - CVE-2018-20180 rdesktop: Remote code execution in rdpsnddbg_process https://bugzilla.redhat.com/show_bug.cgi?id=1670423 [ 4 ] Bug #1670422 - CVE-2018-20179 rdesktop: Remote code execution in lspci_process https://bugzilla.redhat.com/show_bug.cgi?id=1670422 [ 5 ] Bug #1670417 - CVE-2018-20178 rdesktop: Denial of Service in process_demand_active https://bugzilla.redhat.com/show_bug.cgi?id=1670417 [ 6 ] Bug #1670416 - CVE-2018-20177 rdesktop: Memory corruption in rdp_in_unistr https://bugzilla.redhat.com/show_bug.cgi?id=1670416 [ 7 ] Bug #1670413 - CVE-2018-20174 rdesktop: Information leak in ui_clip_handle_data https://bugzilla.redhat.com/show_bug.cgi?id=1670413 [ 8 ] Bug #1670412 - CVE-2018-8800 rdesktop: Remote code execution in ui_clip_handle_data https://bugzilla.redhat.com/show_bug.cgi?id=1670412 [ 9 ] Bug #1670410 - CVE-2018-8799 rdesktop: Denial of Service in process_secondary_order https://bugzilla.redhat.com/show_bug.cgi?id=1670410 [ 10 ] Bug #1670409 - CVE-2018-8798 rdesktop: Minor information leak in rdpsnd_process_ping https://bugzilla.redhat.com/show_bug.cgi?id=1670409 [ 11 ] Bug #1670408 - CVE-2018-8796 rdesktop: Denial of Service in process_bitmap_data https://bugzilla.redhat.com/show_bug.cgi?id=1670408 [ 12 ] Bug #1670406 - CVE-2018-8793 rdesktop: Remote code execution in cssp_read_tsrequest https://bugzilla.redhat.com/show_bug.cgi?id=1670406 [ 13 ] Bug #1670404 - CVE-2018-8792 rdesktop: Denial of Service in cssp_read_tsrequest https://bugzilla.redhat.com/show_bug.cgi?id=1670404 [ 14 ] Bug #1670403 - CVE-2018-8791 rdesktop: Minor information leak in rdpdr_process https://bugzilla.redhat.com/show_bug.cgi?id=1670403 [ 15 ] Bug #1670401 - CVE-2018-20176 rdesktop: Denial of Service in sec_parse_crypt_info and sec_recv https://bugzilla.redhat.com/show_bug.cgi?id=1670401 [ 16 ] Bug #1670400 - CVE-2018-20175 rdesktop: Denial of Service in mcs_recv_connect_response and mcs_parse_domain_params https://bugzilla.redhat.com/show_bug.cgi?id=1670400 [ 17 ] Bug #1670393 - CVE-2018-8797 rdesktop: Remote code execution in process_plane https://bugzilla.redhat.com/show_bug.cgi?id=1670393 [ 18 ] Bug #1670392 - CVE-2018-8795 rdesktop: Remote code execution in process_bitmap_data https://bugzilla.redhat.com/show_bug.cgi?id=1670392 [ 19 ] Bug #1670384 - CVE-2018-8794 rdesktop: Memory corruption in process_bitmap_data https://bugzilla.redhat.com/show_bug.cgi?id=1670384 su -c 'dnf upgrade --advisory FEDORA-2019-5146cd34e2' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Change Log

References

Update Instructions

Severity
Product : Fedora 28
Version : 1.8.4
Release : 2.fc28
URL : http://www.rdesktop.org/
Summary : X client for remote desktop into Windows Terminal Server

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved