Synopsis: Important: freerdp security update
Advisory ID:       SLSA-2019:0697-1
Issue Date:        2019-04-02
CVE Numbers:       CVE-2018-8786
                   CVE-2018-8787
                   CVE-2018-8788
--

Security Fix(es):

* freerdp: Integer truncation leading to heap-based buffer overflow in
update_read_bitmap_update() function (CVE-2018-8786)

* freerdp: Integer overflow leading to heap-based buffer overflow in
gdi_Bitmap_Decompress() function (CVE-2018-8787)

* freerdp: Out-of-bounds write in nsc_rle_decode() function
(CVE-2018-8788)
--

SL7
  x86_64
    freerdp-1.0.2-15.el7_6.1.x86_64.rpm
    freerdp-debuginfo-1.0.2-15.el7_6.1.i686.rpm
    freerdp-debuginfo-1.0.2-15.el7_6.1.x86_64.rpm
    freerdp-libs-1.0.2-15.el7_6.1.i686.rpm
    freerdp-libs-1.0.2-15.el7_6.1.x86_64.rpm
    freerdp-plugins-1.0.2-15.el7_6.1.x86_64.rpm
    freerdp-devel-1.0.2-15.el7_6.1.i686.rpm
    freerdp-devel-1.0.2-15.el7_6.1.x86_64.rpm

- Scientific Linux Development Team