
Fedora 29: FEDORA-2019-ac70292cfc Critical: Rdesktop Remote Code Execution

February 13, 2019
Important security update for rdesktop in Fedora 29 that fixes numerous severe vulnerabilities, including remote code execution, denial of service and information leaks.
Update to 1.8.4

Summary

rdesktop is an open source client for Windows NT Terminal Server and
Windows 2000 & 2003 Terminal Services, capable of natively speaking
Remote Desktop Protocol (RDP) in order to present the user's NT
desktop. Unlike Citrix ICA, no server extensions are required.

Update to 1.8.4. Security fix for CVE-2018-8794 CVE-2018-8795 CVE-2018-8797
CVE-2018-20175 CVE-2018-20176 CVE-2018-8791 CVE-2018-8792 CVE-2018-8793
CVE-2018-8796 CVE-2018-8798 CVE-2018-8799 CVE-2018-8800 CVE-2018-20174
CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181
CVE-2018-20182.

Change Log

* Tue Jan 29 2019 Charles R. Anderson - 1.8.4-2
- Escape macros in comments
- 1.8.4 release security fixes rhbz#1670427:
  CVE-2018-8794 CVE-2018-8795 CVE-2018-8797 CVE-2018-20175 CVE-2018-20176
  CVE-2018-8791 CVE-2018-8792 CVE-2018-8793 CVE-2018-8796 CVE-2018-8798
  CVE-2018-8799 CVE-2018-8800 CVE-2018-20174 CVE-2018-20177 CVE-2018-20178
  CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182

* Sat Jan 26 2019 Charles R. Anderson - 1.8.4-1
- Update to 1.8.4 release

* Fri Nov 30 2018 Charles R. Anderson - 1.8.4-0.1
- Update to git master

* Sat Jul 14 2018 Fedora Release Engineering - 1.8.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Fri Feb 9 2018 Fedora Release Engineering - 1.8.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

* Thu Aug 3 2017 Fedora Release Engineering - 1.8.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

* Thu Jul 27 2017 Fedora Release Engineering - 1.8.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

* Sat Feb 11 2017 Fedora Release Engineering - 1.8.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

References

[ 1 ] Bug #1670425 - CVE-2018-20182 rdesktop: Remote code execution in seamless_process_line
      https://bugzilla.redhat.com/show_bug.cgi?id=1670425
[ 2 ] Bug #1670424 - CVE-2018-20181 rdesktop: Remote code execution in seamless_process
      https://bugzilla.redhat.com/show_bug.cgi?id=1670424
[ 3 ] Bug #1670423 - CVE-2018-20180 rdesktop: Remote code execution in rdpsnddbg_process
      https://bugzilla.redhat.com/show_bug.cgi?id=1670423
[ 4 ] Bug #1670422 - CVE-2018-20179 rdesktop: Remote code execution in lspci_process
      https://bugzilla.redhat.com/show_bug.cgi?id=1670422
[ 5 ] Bug #1670417 - CVE-2018-20178 rdesktop: Denial of Service in process_demand_active
      https://bugzilla.redhat.com/show_bug.cgi?id=1670417
[ 6 ] Bug #1670416 - CVE-2018-20177 rdesktop: Memory corruption in rdp_in_unistr
      https://bugzilla.redhat.com/show_bug.cgi?id=1670416
[ 7 ] Bug #1670413 - CVE-2018-20174 rdesktop: Information leak in ui_clip_handle_data
      https://bugzilla.redhat.com/show_bug.cgi?id=1670413
[ 8 ] Bug #1670412 - CVE-2018-8800 rdesktop: Remote code execution in ui_clip_handle_data
      https://bugzilla.redhat.com/show_bug.cgi?id=1670412
[ 9 ] Bug #1670410 - CVE-2018-8799 rdesktop: Denial of Service in process_secondary_order
      https://bugzilla.redhat.com/show_bug.cgi?id=1670410
[ 10 ] Bug #1670409 - CVE-2018-8798 rdesktop: Minor information leak in rdpsnd_process_ping
      https://bugzilla.redhat.com/show_bug.cgi?id=1670409
[ 11 ] Bug #1670408 - CVE-2018-8796 rdesktop: Denial of Service in process_bitmap_data
      https://bugzilla.redhat.com/show_bug.cgi?id=1670408
[ 12 ] Bug #1670406 - CVE-2018-8793 rdesktop: Remote code execution in cssp_read_tsrequest
      https://bugzilla.redhat.com/show_bug.cgi?id=1670406
[ 13 ] Bug #1670404 - CVE-2018-8792 rdesktop: Denial of Service in cssp_read_tsrequest
      https://bugzilla.redhat.com/show_bug.cgi?id=1670404
[ 14 ] Bug #1670403 - CVE-2018-8791 rdesktop: Minor information leak in rdpdr_process
      https://bugzilla.redhat.com/show_bug.cgi?id=1670403
[ 15 ] Bug #1670401 - CVE-2018-20176 rdesktop: Denial of Service in sec_parse_crypt_info and sec_recv
      https://bugzilla.redhat.com/show_bug.cgi?id=1670401
[ 16 ] Bug #1670400 - CVE-2018-20175 rdesktop: Denial of Service in mcs_recv_connect_response and mcs_parse_domain_params
      https://bugzilla.redhat.com/show_bug.cgi?id=1670400
[ 17 ] Bug #1670393 - CVE-2018-8797 rdesktop: Remote code execution in process_plane
      https://bugzilla.redhat.com/show_bug.cgi?id=1670393
[ 18 ] Bug #1670392 - CVE-2018-8795 rdesktop: Remote code execution in process_bitmap_data
      https://bugzilla.redhat.com/show_bug.cgi?id=1670392
[ 19 ] Bug #1670384 - CVE-2018-8794 rdesktop: Memory corruption in process_bitmap_data
      https://bugzilla.redhat.com/show_bug.cgi?id=1670384

Update Instructions

To install this update, run su -c 'dnf upgrade --advisory FEDORA-2019-ac70292cfc' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org


Severity: Critical

Product: Fedora 29
Version: 1.8.4
Release: 2.fc29
Summary: X client for remote desktop into Windows Terminal Server
