Fedora 28: rdesktop Security Update
Summary
rdesktop is an open source client for Windows NT Terminal Server and
Windows 2000 & 2003 Terminal Services, capable of natively speaking
Remote Desktop Protocol (RDP) in order to present the user's NT
desktop. Unlike Citrix ICA, no server extensions are required.
Update to 1.8.4. Security fix for CVE-2018-8794 CVE-2018-8795 CVE-2018-8797
CVE-2018-20175 CVE-2018-20176 CVE-2018-8791 CVE-2018-8792 CVE-2018-8793
CVE-2018-8796 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800 CVE-2018-20174
CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181
CVE-2018-20182.
* Tue Jan 29 2019 Charles R. Anderson
- Escape macros in comments
- 1.8.4 release security fixes rhbz#1670427:
CVE-2018-8794 CVE-2018-8795 CVE-2018-8797 CVE-2018-20175 CVE-2018-20176
CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8796 CVE-2018-8798
CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20177 CVE-2018-20178
CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182
* Sat Jan 26 2019 Charles R. Anderson
- Update to 1.8.4 release
* Fri Nov 30 2018 Charles R. Anderson
- Update to git master
* Sat Jul 14 2018 Fedora Release Engineering
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb 9 2018 Fedora Release Engineering
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Aug 3 2017 Fedora Release Engineering
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
[ 1 ] Bug #1670425 - CVE-2018-20182 rdesktop: Remote code execution in seamless_process_line
https://bugzilla.redhat.com/show_bug.cgi?id=1670425
[ 2 ] Bug #1670424 - CVE-2018-20181 rdesktop: Remote code execution in seamless_process
https://bugzilla.redhat.com/show_bug.cgi?id=1670424
[ 3 ] Bug #1670423 - CVE-2018-20180 rdesktop: Remote code execution in rdpsnddbg_process
https://bugzilla.redhat.com/show_bug.cgi?id=1670423
[ 4 ] Bug #1670422 - CVE-2018-20179 rdesktop: Remote code execution in lspci_process
https://bugzilla.redhat.com/show_bug.cgi?id=1670422
[ 5 ] Bug #1670417 - CVE-2018-20178 rdesktop: Denial of Service in process_demand_active
https://bugzilla.redhat.com/show_bug.cgi?id=1670417
[ 6 ] Bug #1670416 - CVE-2018-20177 rdesktop: Memory corruption in rdp_in_unistr
https://bugzilla.redhat.com/show_bug.cgi?id=1670416
[ 7 ] Bug #1670413 - CVE-2018-20174 rdesktop: Information leak in ui_clip_handle_data
https://bugzilla.redhat.com/show_bug.cgi?id=1670413
[ 8 ] Bug #1670412 - CVE-2018-8800 rdesktop: Remote code execution in ui_clip_handle_data
https://bugzilla.redhat.com/show_bug.cgi?id=1670412
[ 9 ] Bug #1670410 - CVE-2018-8799 rdesktop: Denial of Service in process_secondary_order
https://bugzilla.redhat.com/show_bug.cgi?id=1670410
[ 10 ] Bug #1670409 - CVE-2018-8798 rdesktop: Minor information leak in rdpsnd_process_ping
https://bugzilla.redhat.com/show_bug.cgi?id=1670409
[ 11 ] Bug #1670408 - CVE-2018-8796 rdesktop: Denial of Service in process_bitmap_data
https://bugzilla.redhat.com/show_bug.cgi?id=1670408
[ 12 ] Bug #1670406 - CVE-2018-8793 rdesktop: Remote code execution in cssp_read_tsrequest
https://bugzilla.redhat.com/show_bug.cgi?id=1670406
[ 13 ] Bug #1670404 - CVE-2018-8792 rdesktop: Denial of Service in cssp_read_tsrequest
https://bugzilla.redhat.com/show_bug.cgi?id=1670404
[ 14 ] Bug #1670403 - CVE-2018-8791 rdesktop: Minor information leak in rdpdr_process
https://bugzilla.redhat.com/show_bug.cgi?id=1670403
[ 15 ] Bug #1670401 - CVE-2018-20176 rdesktop: Denial of Service in sec_parse_crypt_info and sec_recv
https://bugzilla.redhat.com/show_bug.cgi?id=1670401
[ 16 ] Bug #1670400 - CVE-2018-20175 rdesktop: Denial of Service in mcs_recv_connect_response and mcs_parse_domain_params
https://bugzilla.redhat.com/show_bug.cgi?id=1670400
[ 17 ] Bug #1670393 - CVE-2018-8797 rdesktop: Remote code execution in process_plane
https://bugzilla.redhat.com/show_bug.cgi?id=1670393
[ 18 ] Bug #1670392 - CVE-2018-8795 rdesktop: Remote code execution in process_bitmap_data
https://bugzilla.redhat.com/show_bug.cgi?id=1670392
[ 19 ] Bug #1670384 - CVE-2018-8794 rdesktop: Memory corruption in process_bitmap_data
https://bugzilla.redhat.com/show_bug.cgi?id=1670384
su -c 'dnf upgrade --advisory FEDORA-2019-5146cd34e2' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
FEDORA-2019-5146cd34e2 2019-02-13 06:14:17.450086 Product : Fedora 28 Version : 1.8.4 Release : 2.fc28 URL : http://www.rdesktop.org/ Summary : X client for remote desktop into Windows Terminal Server Description : rdesktop is an open source client for Windows NT Terminal Server and Windows 2000 & 2003 Terminal Services, capable of natively speaking Remote Desktop Protocol (RDP) in order to present the user's NT desktop. Unlike Citrix ICA, no server extensions are required. Update to 1.8.4. Security fix for CVE-2018-8794 CVE-2018-8795 CVE-2018-8797 CVE-2018-20175 CVE-2018-20176 CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8796 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182. * Tue Jan 29 2019 Charles R. Anderson - 1.8.4-2 - Escape macros in comments - 1.8.4 release security fixes rhbz#1670427: CVE-2018-8794 CVE-2018-8795 CVE-2018-8797 CVE-2018-20175 CVE-2018-20176 CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8796 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182 * Sat Jan 26 2019 Charles R. Anderson - 1.8.4-1 - Update to 1.8.4 release * Fri Nov 30 2018 Charles R. Anderson - 1.8.4-0.1 - Update to git master * Sat Jul 14 2018 Fedora Release Engineering - 1.8.3-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Fri Feb 9 2018 Fedora Release Engineering - 1.8.3-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Aug 3 2017 Fedora Release Engineering - 1.8.3-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Thu Jul 27 2017 Fedora Release Engineering - 1.8.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Sat Feb 11 2017 Fedora Release Engineering - 1.8.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild [ 1 ] Bug #1670425 - CVE-2018-20182 rdesktop: Remote code execution in seamless_process_line https://bugzilla.redhat.com/show_bug.cgi?id=1670425 [ 2 ] Bug #1670424 - CVE-2018-20181 rdesktop: Remote code execution in seamless_process https://bugzilla.redhat.com/show_bug.cgi?id=1670424 [ 3 ] Bug #1670423 - CVE-2018-20180 rdesktop: Remote code execution in rdpsnddbg_process https://bugzilla.redhat.com/show_bug.cgi?id=1670423 [ 4 ] Bug #1670422 - CVE-2018-20179 rdesktop: Remote code execution in lspci_process https://bugzilla.redhat.com/show_bug.cgi?id=1670422 [ 5 ] Bug #1670417 - CVE-2018-20178 rdesktop: Denial of Service in process_demand_active https://bugzilla.redhat.com/show_bug.cgi?id=1670417 [ 6 ] Bug #1670416 - CVE-2018-20177 rdesktop: Memory corruption in rdp_in_unistr https://bugzilla.redhat.com/show_bug.cgi?id=1670416 [ 7 ] Bug #1670413 - CVE-2018-20174 rdesktop: Information leak in ui_clip_handle_data https://bugzilla.redhat.com/show_bug.cgi?id=1670413 [ 8 ] Bug #1670412 - CVE-2018-8800 rdesktop: Remote code execution in ui_clip_handle_data https://bugzilla.redhat.com/show_bug.cgi?id=1670412 [ 9 ] Bug #1670410 - CVE-2018-8799 rdesktop: Denial of Service in process_secondary_order https://bugzilla.redhat.com/show_bug.cgi?id=1670410 [ 10 ] Bug #1670409 - CVE-2018-8798 rdesktop: Minor information leak in rdpsnd_process_ping https://bugzilla.redhat.com/show_bug.cgi?id=1670409 [ 11 ] Bug #1670408 - CVE-2018-8796 rdesktop: Denial of Service in process_bitmap_data https://bugzilla.redhat.com/show_bug.cgi?id=1670408 [ 12 ] Bug #1670406 - CVE-2018-8793 rdesktop: Remote code execution in cssp_read_tsrequest https://bugzilla.redhat.com/show_bug.cgi?id=1670406 [ 13 ] Bug #1670404 - CVE-2018-8792 rdesktop: Denial of Service in cssp_read_tsrequest https://bugzilla.redhat.com/show_bug.cgi?id=1670404 [ 14 ] Bug #1670403 - CVE-2018-8791 rdesktop: Minor information leak in rdpdr_process https://bugzilla.redhat.com/show_bug.cgi?id=1670403 [ 15 ] Bug #1670401 - CVE-2018-20176 rdesktop: Denial of Service in sec_parse_crypt_info and sec_recv https://bugzilla.redhat.com/show_bug.cgi?id=1670401 [ 16 ] Bug #1670400 - CVE-2018-20175 rdesktop: Denial of Service in mcs_recv_connect_response and mcs_parse_domain_params https://bugzilla.redhat.com/show_bug.cgi?id=1670400 [ 17 ] Bug #1670393 - CVE-2018-8797 rdesktop: Remote code execution in process_plane https://bugzilla.redhat.com/show_bug.cgi?id=1670393 [ 18 ] Bug #1670392 - CVE-2018-8795 rdesktop: Remote code execution in process_bitmap_data https://bugzilla.redhat.com/show_bug.cgi?id=1670392 [ 19 ] Bug #1670384 - CVE-2018-8794 rdesktop: Memory corruption in process_bitmap_data https://bugzilla.redhat.com/show_bug.cgi?id=1670384 su -c 'dnf upgrade --advisory FEDORA-2019-5146cd34e2' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Change Log
References