
openSUSE: 2019:2135-1 Important: rdesktop Denial of Service Fixes

September 14, 2019
Essential patch for rdesktop on openSUSE addresses 19 security flaws, including serious remote code execution threats.
An update that fixes 19 vulnerabilities is now available.

Description

This update for rdesktop fixes the following issues:

rdesktop was updated to 1.8.6:

* Fix protocol code handling new licenses

rdesktop was updated to 1.8.5:

* Add bounds checking to protocol handling in order to fix many security problems when communicating with a malicious server.

rdesktop was updated to 1.8.4 (fix for boo#1121448):

* Add rdp_protocol_error function that is used in several fixes

* Refactor of process_bitmap_updates

* Fix possible integer overflow in s_check_rem() on 32bit arch

* Fix memory corruption in process_bitmap_data - CVE-2018-8794

* Fix remote code execution in process_bitmap_data - CVE-2018-8795

* Fix remote code execution in process_plane - CVE-2018-8797

* Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175

* Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175

* Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176

* Fix Denial of Service in sec_recv -...
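
The 1.8.4 and 1.8.5 entries above concern length checks on data received from the server, including a possible integer overflow in s_check_rem() on 32-bit architectures. As an added illustration (not rdesktop's code and not part of the advisory), the C sketch below models a 32-bit address space with uint32_t to show how a remaining-bytes check that adds the length to the position can wrap, next to a form that cannot; struct stream32 and both function names are hypothetical, and the form of the weak check is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a parse stream on a 32-bit target: positions are
 * 32-bit addresses, so arithmetic wraps exactly as pointer math would there.
 * Struct and function names are hypothetical, not rdesktop's definitions. */
struct stream32 {
    uint32_t p;    /* current read position */
    uint32_t end;  /* one past the last valid byte */
};

/* Weak form: adds the server-supplied length to the position first.
 * If p + n exceeds 2^32 the sum wraps to a small value and the test passes. */
static int check_rem_wrapping(const struct stream32 *s, uint32_t n)
{
    return (uint32_t)(s->p + n) <= s->end;
}

/* Hardened form: compares the length against the bytes actually left.
 * end - p cannot wrap once p <= end is established. */
static int check_rem_safe(const struct stream32 *s, uint32_t n)
{
    return s->p <= s->end && n <= s->end - s->p;
}

int main(void)
{
    /* Constructed sample: 16 bytes left in a buffer near the top of memory. */
    struct stream32 s = { 0xFFFFFF00u, 0xFFFFFF10u };
    uint32_t lengths[] = { 8u, 16u, 17u, 0x00000200u, 0xFFFFFFFFu };

    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++)
        printf("n=0x%08x wrapping=%d safe=%d\n", (unsigned)lengths[i],
               check_rem_wrapping(&s, lengths[i]),
               check_rem_safe(&s, lengths[i]));
    return 0;
}
```

Both checks agree for lengths that fit; they diverge only when the sum wraps, which is why the weak form can pass ordinary testing on 64-bit builds.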


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-2135=1

- openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2019-2135=1

Package List

- openSUSE Leap 15.1 (x86_64):

rdesktop-1.8.6-lp151.2.3.1

rdesktop-debuginfo-1.8.6-lp151.2.3.1

rdesktop-debugsource-1.8.6-lp151.2.3.1

- openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):

rdesktop-1.8.6-bp151.2.3.1

References

https://www.suse.com/security/cve/CVE-2018-20174.html

https://www.suse.com/security/cve/CVE-2018-20175.html

https://www.suse.com/security/cve/CVE-2018-20176.html

https://www.suse.com/security/cve/CVE-2018-20177.html

https://www.suse.com/security/cve/CVE-2018-20178.html

https://www.suse.com/security/cve/CVE-2018-20179.html

https://www.suse.com/security/cve/CVE-2018-20180.html

https://www.suse.com/security/cve/CVE-2018-20181.html

https://www.suse.com/security/cve/CVE-2018-20182.html

https://www.suse.com/security/cve/CVE-2018-8791.html

https://www.suse.com/security/cve/CVE-2018-8792.html

https://www.suse.com/security/cve/CVE-2018-8793.html

https://www.suse.com/security/cve/CVE-2018-8794.html

https://www.suse.com/security/cve/CVE-2018-8795.html

https://www.suse.com/security/cve/CVE-2018-8796.html

https://www.suse.com/security/cve/CVE-2018-8797.html

https://www.suse.com/security/cve/CVE-2018-8798.html

https://www.suse.com/security/cve/CVE-2018-8799.html

https://www.suse.com/security/cve/CVE-2018-8800.html

htt...


Severity: important

Announcement ID: openSUSE-SU-2019:2135-1
Rating: important
Affected Products: openSUSE Leap 15.1, openSUSE Backports SLE-15-SP1
