Fedora 28: rdesktop Security Update

    Date13 Feb 2019
    CategoryFedora
    106
    Posted ByLinuxSecurity Advisories
    Update to 1.8.4. Security fix for CVE-2018-8794 CVE-2018-8795 CVE-2018-8797 CVE-2018-20175 CVE-2018-20176 CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8796 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182.
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2019-5146cd34e2
    2019-02-13 06:14:17.450086
    --------------------------------------------------------------------------------
    
    Name        : rdesktop
    Product     : Fedora 28
    Version     : 1.8.4
    Release     : 2.fc28
    URL         : http://www.rdesktop.org/
    Summary     : X client for remote desktop into Windows Terminal Server
    Description :
    rdesktop is an open source client for Windows NT Terminal Server and
    Windows 2000 & 2003 Terminal Services, capable of natively speaking
    Remote Desktop Protocol (RDP) in order to present the user's NT
    desktop. Unlike Citrix ICA, no server extensions are required.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    Update to 1.8.4.  Security fix for CVE-2018-8794 CVE-2018-8795 CVE-2018-8797
    CVE-2018-20175 CVE-2018-20176 CVE-2018-8791 CVE-2018-8792 CVE-2018-8793
    CVE-2018-8796 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800 CVE-2018-20174
    CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181
    CVE-2018-20182.
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Tue Jan 29 2019 Charles R. Anderson  - 1.8.4-2
    - Escape macros in comments
    - 1.8.4 release security fixes rhbz#1670427:
      CVE-2018-8794 CVE-2018-8795 CVE-2018-8797 CVE-2018-20175 CVE-2018-20176
      CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8796 CVE-2018-8798
      CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20177 CVE-2018-20178
      CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182
    * Sat Jan 26 2019 Charles R. Anderson  - 1.8.4-1
    - Update to 1.8.4 release
    * Fri Nov 30 2018 Charles R. Anderson  - 1.8.4-0.1
    - Update to git master
    * Sat Jul 14 2018 Fedora Release Engineering  - 1.8.3-8
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
    * Fri Feb  9 2018 Fedora Release Engineering  - 1.8.3-7
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
    * Thu Aug  3 2017 Fedora Release Engineering  - 1.8.3-6
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
    * Thu Jul 27 2017 Fedora Release Engineering  - 1.8.3-5
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
    * Sat Feb 11 2017 Fedora Release Engineering  - 1.8.3-4
    - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1670425 - CVE-2018-20182 rdesktop: Remote code execution in seamless_process_line
            https://bugzilla.redhat.com/show_bug.cgi?id=1670425
      [ 2 ] Bug #1670424 - CVE-2018-20181 rdesktop: Remote code execution in seamless_process
            https://bugzilla.redhat.com/show_bug.cgi?id=1670424
      [ 3 ] Bug #1670423 - CVE-2018-20180 rdesktop: Remote code execution in rdpsnddbg_process
            https://bugzilla.redhat.com/show_bug.cgi?id=1670423
      [ 4 ] Bug #1670422 - CVE-2018-20179 rdesktop: Remote code execution in lspci_process
            https://bugzilla.redhat.com/show_bug.cgi?id=1670422
      [ 5 ] Bug #1670417 - CVE-2018-20178 rdesktop: Denial of Service in process_demand_active
            https://bugzilla.redhat.com/show_bug.cgi?id=1670417
      [ 6 ] Bug #1670416 - CVE-2018-20177 rdesktop: Memory corruption in rdp_in_unistr
            https://bugzilla.redhat.com/show_bug.cgi?id=1670416
      [ 7 ] Bug #1670413 - CVE-2018-20174 rdesktop: Information leak in ui_clip_handle_data
            https://bugzilla.redhat.com/show_bug.cgi?id=1670413
      [ 8 ] Bug #1670412 - CVE-2018-8800 rdesktop: Remote code execution in ui_clip_handle_data
            https://bugzilla.redhat.com/show_bug.cgi?id=1670412
      [ 9 ] Bug #1670410 - CVE-2018-8799 rdesktop: Denial of Service in process_secondary_order
            https://bugzilla.redhat.com/show_bug.cgi?id=1670410
      [ 10 ] Bug #1670409 - CVE-2018-8798 rdesktop: Minor information leak in rdpsnd_process_ping
            https://bugzilla.redhat.com/show_bug.cgi?id=1670409
      [ 11 ] Bug #1670408 - CVE-2018-8796 rdesktop: Denial of Service in process_bitmap_data
            https://bugzilla.redhat.com/show_bug.cgi?id=1670408
      [ 12 ] Bug #1670406 - CVE-2018-8793 rdesktop: Remote code execution in cssp_read_tsrequest
            https://bugzilla.redhat.com/show_bug.cgi?id=1670406
      [ 13 ] Bug #1670404 - CVE-2018-8792 rdesktop: Denial of Service in cssp_read_tsrequest
            https://bugzilla.redhat.com/show_bug.cgi?id=1670404
      [ 14 ] Bug #1670403 - CVE-2018-8791 rdesktop: Minor information leak in rdpdr_process
            https://bugzilla.redhat.com/show_bug.cgi?id=1670403
      [ 15 ] Bug #1670401 - CVE-2018-20176 rdesktop: Denial of Service in sec_parse_crypt_info and sec_recv
            https://bugzilla.redhat.com/show_bug.cgi?id=1670401
      [ 16 ] Bug #1670400 - CVE-2018-20175 rdesktop: Denial of Service in mcs_recv_connect_response and mcs_parse_domain_params
            https://bugzilla.redhat.com/show_bug.cgi?id=1670400
      [ 17 ] Bug #1670393 - CVE-2018-8797 rdesktop: Remote code execution in process_plane
            https://bugzilla.redhat.com/show_bug.cgi?id=1670393
      [ 18 ] Bug #1670392 - CVE-2018-8795 rdesktop: Remote code execution in process_bitmap_data
            https://bugzilla.redhat.com/show_bug.cgi?id=1670392
      [ 19 ] Bug #1670384 - CVE-2018-8794 rdesktop: Memory corruption in process_bitmap_data
            https://bugzilla.redhat.com/show_bug.cgi?id=1670384
    --------------------------------------------------------------------------------
    
    This update can be installed with the "dnf" update program. Use
    su -c 'dnf upgrade --advisory FEDORA-2019-5146cd34e2' at the command
    line. For more information, refer to the dnf documentation available at
    http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
    
    All packages are signed with the Fedora Project GPG key. More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    _______________________________________________
    package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it.
    To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it.
    Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
    List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
    List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    LinuxSecurity Poll

    What is your favorite LinuxSecurity.com feature?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /component/communitypolls/?task=poll.vote&format=json
    17
    radio
    [{"id":"65","title":"Feature articles","votes":"0","type":"x","order":"1","pct":0,"resources":[]},{"id":"66","title":"News","votes":"1","type":"x","order":"2","pct":33.33,"resources":[]},{"id":"67","title":"HOWTOs","votes":"2","type":"x","order":"3","pct":66.67,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.