openSUSE: 2019:2135-1: important: rdesktop

    Date: 14 Sep 2019
    Category: openSUSE
    Posted By: LinuxSecurity Advisories
    An update that fixes 19 vulnerabilities is now available.
       openSUSE Security Update: Security update for rdesktop
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2019:2135-1
    Rating:             important
    References:         #1121448 
    Cross-References:   CVE-2018-20174 CVE-2018-20175 CVE-2018-20176
                        CVE-2018-20177 CVE-2018-20178 CVE-2018-20179
                        CVE-2018-20180 CVE-2018-20181 CVE-2018-20182
                        CVE-2018-8791 CVE-2018-8792 CVE-2018-8793
                        CVE-2018-8794 CVE-2018-8795 CVE-2018-8796
                        CVE-2018-8797 CVE-2018-8798 CVE-2018-8799
                        CVE-2018-8800
    Affected Products:
                        openSUSE Leap 15.1
                        openSUSE Backports SLE-15-SP1
    ______________________________________________________________________________
    
       An update that fixes 19 vulnerabilities is now available.
    
    Description:
    
       This update for rdesktop fixes the following issues:
    
       rdesktop was updated to 1.8.6:
    
       * Fix protocol code handling new licenses
    
       rdesktop was updated to 1.8.5:
    
       * Add bounds checking to protocol handling in order to fix many security
         problems when communicating with a malicious server.
    
       rdesktop was updated to 1.8.4 (fix for boo#1121448):
    
       * Add rdp_protocol_error function that is used in several fixes
       * Refactor of process_bitmap_updates
       * Fix possible integer overflow in s_check_rem() on 32bit arch
       * Fix memory corruption in process_bitmap_data - CVE-2018-8794
       * Fix remote code execution in process_bitmap_data - CVE-2018-8795
       * Fix remote code execution in process_plane - CVE-2018-8797
       * Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175
       * Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175
       * Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176
       * Fix Denial of Service in sec_recv - CVE-2018-20176
       * Fix minor information leak in rdpdr_process - CVE-2018-8791
       * Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792
       * Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793
       * Fix Denial of Service in process_bitmap_data - CVE-2018-8796
       * Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798
       * Fix Denial of Service in process_secondary_order - CVE-2018-8799
       * Fix remote code execution in ui_clip_handle_data - CVE-2018-8800
       * Fix major information leak in ui_clip_handle_data - CVE-2018-20174
       * Fix memory corruption in rdp_in_unistr - CVE-2018-20177
       * Fix Denial of Service in process_demand_active - CVE-2018-20178
       * Fix remote code execution in lspci_process - CVE-2018-20179
       * Fix remote code execution in rdpsnddbg_process - CVE-2018-20180
       * Fix remote code execution in seamless_process - CVE-2018-20181
       * Fix remote code execution in seamless_process_line - CVE-2018-20182
       * Fix building against OpenSSL 1.1
       - remove obsolete patches
       * rdesktop-Fix-OpenSSL-1.1-compability-issues.patch
       * rdesktop-Fix-crash-in-rdssl_cert_to_rkey.patch
    
       - update changes file
       * add missing info about bugzilla 1121448
    
       - Added rdesktop-Fix-decryption.patch Patch from
         https://github.com/rdesktop/rdesktop/pull/334 to fix connections to
         VirtualBox.
    
       - update to 1.8.6
       * Fix protocol code handling new licenses
    
       - update to 1.8.5
       * Add bounds checking to protocol handling in order to fix many security
         problems when communicating with a malicious server.
    
       - Trim redundant wording from description.
       - Use %make_install.
    
       - update to 1.8.4 (fix for boo#1121448)
       * Add rdp_protocol_error function that is used in several fixes
       * Refactor of process_bitmap_updates
       * Fix possible integer overflow in s_check_rem() on 32bit arch
       * Fix memory corruption in process_bitmap_data - CVE-2018-8794
       * Fix remote code execution in process_bitmap_data - CVE-2018-8795
       * Fix remote code execution in process_plane - CVE-2018-8797
       * Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175
       * Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175
       * Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176
       * Fix Denial of Service in sec_recv - CVE-2018-20176
       * Fix minor information leak in rdpdr_process - CVE-2018-8791
       * Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792
       * Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793
       * Fix Denial of Service in process_bitmap_data - CVE-2018-8796
       * Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798
       * Fix Denial of Service in process_secondary_order - CVE-2018-8799
       * Fix remote code execution in ui_clip_handle_data - CVE-2018-8800
       * Fix major information leak in ui_clip_handle_data - CVE-2018-20174
       * Fix memory corruption in rdp_in_unistr - CVE-2018-20177
       * Fix Denial of Service in process_demand_active - CVE-2018-20178
       * Fix remote code execution in lspci_process - CVE-2018-20179
       * Fix remote code execution in rdpsnddbg_process - CVE-2018-20180
       * Fix remote code execution in seamless_process - CVE-2018-20181
       * Fix remote code execution in seamless_process_line - CVE-2018-20182
       * Fix building against OpenSSL 1.1
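
The changelog names two defect classes: a remaining-bytes check that can overflow on 32-bit, and missing bounds checks on data sent by a malicious server. The C below is an added illustration of both, not rdesktop's code; `addr_stream`, `check_rem_weak`, `check_rem_safe`, `read_field` and the sample messages are hypothetical names and constructed inputs, with addresses modelled as `uint32_t` so the wrap-around is well defined on any host.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stream: current position and end, as 32-bit addresses. */
typedef struct { uint32_t p, end; } addr_stream;

/* Weak form: p + n can wrap past 2^32 and then compare as "in bounds". */
int check_rem_weak(const addr_stream *s, uint32_t n)
{
    return (uint32_t)(s->p + n) <= s->end;
}

/* Hardened form: compare n with the bytes that remain; nothing can wrap. */
int check_rem_safe(const addr_stream *s, uint32_t n)
{
    return s->p <= s->end && n <= s->end - s->p;
}

/* Bounds-checked read of a server-supplied field laid out as
 * [len: u16 little-endian][len bytes]. Returns the number of bytes copied,
 * or -1 on a protocol error (short header, len beyond input or output). */
int read_field(const uint8_t *buf, size_t buflen, uint8_t *out, size_t outcap)
{
    size_t len;
    if (buflen < 2)
        return -1;
    len = (size_t)buf[0] | ((size_t)buf[1] << 8);
    if (len > buflen - 2 || len > outcap)
        return -1;
    memcpy(out, buf + 2, len);
    return (int)len;
}

/* Constructed inputs: a stream near the top of a 32-bit address space,
 * one well-formed message, and one whose length field claims 65535 bytes. */
const addr_stream high_stream = {0xFFFFFF00u, 0xFFFFFFF0u};
const uint8_t good_msg[] = {0x03, 0x00, 'r', 'd', 'p'};
const uint8_t evil_msg[] = {0xFF, 0xFF, 'r', 'd', 'p'};
uint8_t out_buf[8];

int main(void)
{
    int ok = check_rem_weak(&high_stream, 0x200u) == 1   /* wrapped: accepted */
          && check_rem_safe(&high_stream, 0x200u) == 0   /* rejected */
          && read_field(good_msg, sizeof good_msg, out_buf, sizeof out_buf) == 3
          && read_field(evil_msg, sizeof evil_msg, out_buf, sizeof out_buf) == -1;
    return ok ? 0 : 1;
}
```
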
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Leap 15.1:
    
          zypper in -t patch openSUSE-2019-2135=1
    
       - openSUSE Backports SLE-15-SP1:
    
          zypper in -t patch openSUSE-2019-2135=1
    
    
    
    Package List:
    
       - openSUSE Leap 15.1 (x86_64):
    
          rdesktop-1.8.6-lp151.2.3.1
          rdesktop-debuginfo-1.8.6-lp151.2.3.1
          rdesktop-debugsource-1.8.6-lp151.2.3.1
    
       - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):
    
          rdesktop-1.8.6-bp151.2.3.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2018-20174.html
       https://www.suse.com/security/cve/CVE-2018-20175.html
       https://www.suse.com/security/cve/CVE-2018-20176.html
       https://www.suse.com/security/cve/CVE-2018-20177.html
       https://www.suse.com/security/cve/CVE-2018-20178.html
       https://www.suse.com/security/cve/CVE-2018-20179.html
       https://www.suse.com/security/cve/CVE-2018-20180.html
       https://www.suse.com/security/cve/CVE-2018-20181.html
       https://www.suse.com/security/cve/CVE-2018-20182.html
       https://www.suse.com/security/cve/CVE-2018-8791.html
       https://www.suse.com/security/cve/CVE-2018-8792.html
       https://www.suse.com/security/cve/CVE-2018-8793.html
       https://www.suse.com/security/cve/CVE-2018-8794.html
       https://www.suse.com/security/cve/CVE-2018-8795.html
       https://www.suse.com/security/cve/CVE-2018-8796.html
       https://www.suse.com/security/cve/CVE-2018-8797.html
       https://www.suse.com/security/cve/CVE-2018-8798.html
       https://www.suse.com/security/cve/CVE-2018-8799.html
       https://www.suse.com/security/cve/CVE-2018-8800.html
       https://bugzilla.suse.com/1121448
    