MGASA-2019-0041 - Updated rdesktop package fixes security vulnerabilities

Publication date: 18 Jan 2019
URL: https://advisories.mageia.org/MGASA-2019-0041.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-8794,
     CVE-2018-8795,
     CVE-2018-8797,
     CVE-2018-20175,
     CVE-2018-20175,
     CVE-2018-20176,
     CVE-2018-20176,
     CVE-2018-8791,
     CVE-2018-8792,
     CVE-2018-8793,
     CVE-2018-8796,
     CVE-2018-8798,
     CVE-2018-8799,
     CVE-2018-8800,
     CVE-2018-20174,
     CVE-2018-20177,
     CVE-2018-20178,
     CVE-2018-20179,
     CVE-2018-20180,
     CVE-2018-20181,
     CVE-2018-20182

rdesktop has been updated to fix multiple CVE's.
Fix memory corruption in process_bitmap_data - CVE-2018-8794
Fix remote code execution in process_bitmap_data - CVE-2018-8795
Fix remote code execution in process_plane - CVE-2018-8797
Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175
Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175
Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176
Fix Denial of Service in sec_recv - CVE-2018-20176
Fix minor information leak in rdpdr_process - CVE-2018-8791
Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792
Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793
Fix Denial of Service in process_bitmap_data - CVE-2018-8796
Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798
Fix Denial of Service in process_secondary_order - CVE-2018-8799
Fix remote code execution in in ui_clip_handle_data - CVE-2018-8800
Fix major information leak in ui_clip_handle_data - CVE-2018-20174
Fix memory corruption in rdp_in_unistr - CVE-2018-20177
Fix Denial of Service in process_demand_active - CVE-2018-20178
Fix remote code execution in lspci_process - CVE-2018-20179
Fix remote code execution in rdpsnddbg_process - CVE-2018-20180
Fix remote code execution in seamless_process - CVE-2018-20181
Fix remote code execution in seamless_process_line - CVE-2018-20182

References:
- https://bugs.mageia.org/show_bug.cgi?id=24192
- https://github.com/rdesktop/rdesktop/releases/tag/v1.8.4
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8794
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8795
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8797
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20175
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20175
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20176
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20176
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8791
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8792
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8793
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8796
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8798
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8799
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8800
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20174
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20177
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20178
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20179
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20180
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20181
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20182

SRPMS:
- 6/core/rdesktop-1.8.4-1.mga6

Mageia 2019-0041: rdesktop security update

rdesktop has been updated to fix multiple CVE's

Summary

rdesktop has been updated to fix multiple CVE's. Fix memory corruption in process_bitmap_data - CVE-2018-8794 Fix remote code execution in process_bitmap_data - CVE-2018-8795 Fix remote code execution in process_plane - CVE-2018-8797 Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175 Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175 Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176 Fix Denial of Service in sec_recv - CVE-2018-20176 Fix minor information leak in rdpdr_process - CVE-2018-8791 Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792 Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793 Fix Denial of Service in process_bitmap_data - CVE-2018-8796 Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798 Fix Denial of Service in process_secondary_order - CVE-2018-8799 Fix remote code execution in in ui_clip_handle_data - CVE-2018-8800 Fix major information leak in ui_clip_handle_data - CVE-2018-20174 Fix memory corruption in rdp_in_unistr - CVE-2018-20177 Fix Denial of Service in process_demand_active - CVE-2018-20178 Fix remote code execution in lspci_process - CVE-2018-20179 Fix remote code execution in rdpsnddbg_process - CVE-2018-20180 Fix remote code execution in seamless_process - CVE-2018-20181 Fix remote code execution in seamless_process_line - CVE-2018-20182

References

- https://bugs.mageia.org/show_bug.cgi?id=24192

- https://github.com/rdesktop/rdesktop/releases/tag/v1.8.4

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8794

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8795

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8797

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20175

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20175

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20176

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20176

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8791

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8792

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8793

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8796

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8798

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8799

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8800

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20174

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20177

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20178

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20179

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20180

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20181

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20182

Resolution

MGASA-2019-0041 - Updated rdesktop package fixes security vulnerabilities

SRPMS

- 6/core/rdesktop-1.8.4-1.mga6

Severity
Publication date: 18 Jan 2019
URL: https://advisories.mageia.org/MGASA-2019-0041.html
Type: security
CVE: CVE-2018-8794, CVE-2018-8795, CVE-2018-8797, CVE-2018-20175, CVE-2018-20175, CVE-2018-20176, CVE-2018-20176, CVE-2018-8791, CVE-2018-8792, CVE-2018-8793, CVE-2018-8796, CVE-2018-8798, CVE-2018-8799, CVE-2018-8800, CVE-2018-20174, CVE-2018-20177, CVE-2018-20178, CVE-2018-20179, CVE-2018-20180, CVE-2018-20181, CVE-2018-20182

Related News

22.Lock ScreenEffect Esm H320
1 - 2 min read
EndeavorOS Gemini is a captivating and charming desktop operating system based on Arch Linux. The new release includes a kernel upgrade, 3D graphics
25.@Sign Hook Keyboard Esm H320
1 min read
Cyber risk is increasing for individuals and organizations, making flexible and robust solutions for identifying spam and malware increasingly
19.Laptop Bed Esm H320
2 - 3 min read
The recently released Linux Kernel 6.9 brings forth a blend of crucial upgrades and enhancements, catering to the ever-evolving needs of the Linux
4.Lock AbstractDigital Esm H320
1 - 2 min read
Nmap 7.95 introduces myriad enhancements, primarily focusing on OS and service detection signatures. This reflects the dedication of the Nmap
5.ShakingHands Esm H320
3 - 5 min read
There has been a promising shift in the tech industry, with major companies pledging to release products with built-in security features. This
18.WifiCutout Landscape Esm H320
2 - 3 min read
A novel attack called TunnelVision has been discovered. It compromises the security of virtually all VPN apps, rendering their purpose useless. The
21.Globe RadiatingCode Esm H320
2 - 3 min read
The recent discovery of a backdoor in XZ Utils , a widely used Linux tool, raises concerns about the security of the open-source ecosystem. While
13.Lock StylizedMotherboard Esm H320
1 - 2 min read
Spiral Linux is a Debian-based distribution that offers a range of desktop environments, making it stand out from other Linux distributions. In

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved