MGASA-2019-0041 - Updated rdesktop package fixes security vulnerabilities

Publication date: 18 Jan 2019
URL: https://advisories.mageia.org/MGASA-2019-0041.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-8794,
     CVE-2018-8795,
     CVE-2018-8797,
     CVE-2018-20175,
     CVE-2018-20175,
     CVE-2018-20176,
     CVE-2018-20176,
     CVE-2018-8791,
     CVE-2018-8792,
     CVE-2018-8793,
     CVE-2018-8796,
     CVE-2018-8798,
     CVE-2018-8799,
     CVE-2018-8800,
     CVE-2018-20174,
     CVE-2018-20177,
     CVE-2018-20178,
     CVE-2018-20179,
     CVE-2018-20180,
     CVE-2018-20181,
     CVE-2018-20182

rdesktop has been updated to fix multiple CVE's.
Fix memory corruption in process_bitmap_data - CVE-2018-8794
Fix remote code execution in process_bitmap_data - CVE-2018-8795
Fix remote code execution in process_plane - CVE-2018-8797
Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175
Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175
Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176
Fix Denial of Service in sec_recv - CVE-2018-20176
Fix minor information leak in rdpdr_process - CVE-2018-8791
Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792
Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793
Fix Denial of Service in process_bitmap_data - CVE-2018-8796
Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798
Fix Denial of Service in process_secondary_order - CVE-2018-8799
Fix remote code execution in in ui_clip_handle_data - CVE-2018-8800
Fix major information leak in ui_clip_handle_data - CVE-2018-20174
Fix memory corruption in rdp_in_unistr - CVE-2018-20177
Fix Denial of Service in process_demand_active - CVE-2018-20178
Fix remote code execution in lspci_process - CVE-2018-20179
Fix remote code execution in rdpsnddbg_process - CVE-2018-20180
Fix remote code execution in seamless_process - CVE-2018-20181
Fix remote code execution in seamless_process_line - CVE-2018-20182

References:
- https://bugs.mageia.org/show_bug.cgi?id=24192
- https://github.com/rdesktop/rdesktop/releases/tag/v1.8.4
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8794
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8795
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8797
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20175
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20175
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20176
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20176
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8791
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8792
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8793
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8796
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8798
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8799
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8800
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20174
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20177
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20178
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20179
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20180
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20181
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20182

SRPMS:
- 6/core/rdesktop-1.8.4-1.mga6

Mageia 2019-0041: rdesktop security update

rdesktop has been updated to fix multiple CVE's

Summary

rdesktop has been updated to fix multiple CVE's. Fix memory corruption in process_bitmap_data - CVE-2018-8794 Fix remote code execution in process_bitmap_data - CVE-2018-8795 Fix remote code execution in process_plane - CVE-2018-8797 Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175 Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175 Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176 Fix Denial of Service in sec_recv - CVE-2018-20176 Fix minor information leak in rdpdr_process - CVE-2018-8791 Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792 Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793 Fix Denial of Service in process_bitmap_data - CVE-2018-8796 Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798 Fix Denial of Service in process_secondary_order - CVE-2018-8799 Fix remote code execution in in ui_clip_handle_data - CVE-2018-8800 Fix major information leak in ui_clip_handle_data - CVE-2018-20174 Fi...

References

- https://bugs.mageia.org/show_bug.cgi?id=24192

- https://github.com/rdesktop/rdesktop/releases/tag/v1.8.4

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8794

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8795

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8797

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20175

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20175

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20176

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20176

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8791

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8792

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8793

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8796

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8798

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8799

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8800

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20174

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20177

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20178

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20179

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20180

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20181

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20182

Resolution

MGASA-2019-0041 - Updated rdesktop package fixes security vulnerabilities

SRPMS

- 6/core/rdesktop-1.8.4-1.mga6

Severity
Publication date: 18 Jan 2019
URL: https://advisories.mageia.org/MGASA-2019-0041.html
Type: security
CVE: CVE-2018-8794, CVE-2018-8795, CVE-2018-8797, CVE-2018-20175, CVE-2018-20175, CVE-2018-20176, CVE-2018-20176, CVE-2018-8791, CVE-2018-8792, CVE-2018-8793, CVE-2018-8796, CVE-2018-8798, CVE-2018-8799, CVE-2018-8800, CVE-2018-20174, CVE-2018-20177, CVE-2018-20178, CVE-2018-20179, CVE-2018-20180, CVE-2018-20181, CVE-2018-20182

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved