advisories/24192.adv

type: security
subject: Updated rdesktop package fixes security vulnerabilities
CVE:
 - CVE-2018-8794
 - CVE-2018-8795
 - CVE-2018-8797
 - CVE-2018-20175
 - CVE-2018-20175
 - CVE-2018-20176
 - CVE-2018-20176
 - CVE-2018-8791
 - CVE-2018-8792
 - CVE-2018-8793
 - CVE-2018-8796
 - CVE-2018-8798
 - CVE-2018-8799
 - CVE-2018-8800
 - CVE-2018-20174
 - CVE-2018-20177
 - CVE-2018-20178
 - CVE-2018-20179
 - CVE-2018-20180
 - CVE-2018-20181
 - CVE-2018-20182
src:
  6:
   core:
     - rdesktop-1.8.4-1.mga6
description: |
  rdesktop has been updated to fix multiple CVE's.
  Fix memory corruption in process_bitmap_data - CVE-2018-8794
  Fix remote code execution in process_bitmap_data - CVE-2018-8795
  Fix remote code execution in process_plane - CVE-2018-8797
  Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175
  Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175
  Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176
  Fix Denial of Service in sec_recv - CVE-2018-20176
  Fix minor information leak in rdpdr_process - CVE-2018-8791
  Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792
  Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793
  Fix Denial of Service in process_bitmap_data - CVE-2018-8796
  Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798
  Fix Denial of Service in process_secondary_order - CVE-2018-8799
  Fix remote code execution in in ui_clip_handle_data - CVE-2018-8800
  Fix major information leak in ui_clip_handle_data - CVE-2018-20174
  Fix memory corruption in rdp_in_unistr - CVE-2018-20177
  Fix Denial of Service in process_demand_active - CVE-2018-20178
  Fix remote code execution in lspci_process - CVE-2018-20179
  Fix remote code execution in rdpsnddbg_process - CVE-2018-20180
  Fix remote code execution in seamless_process - CVE-2018-20181
  Fix remote code execution in seamless_process_line - CVE-2018-20182
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24192
 - https://github.com/rdesktop/rdesktop/releases/tag/v1.8.4
ID: MGASA-2019-0041
1	type: security
2	subject: Updated rdesktop package fixes security vulnerabilities
3	CVE:
4	- CVE-2018-8794
5	- CVE-2018-8795
6	- CVE-2018-8797
7	- CVE-2018-20175
8	- CVE-2018-20175
9	- CVE-2018-20176
10	- CVE-2018-20176
11	- CVE-2018-8791
12	- CVE-2018-8792
13	- CVE-2018-8793
14	- CVE-2018-8796
15	- CVE-2018-8798
16	- CVE-2018-8799
17	- CVE-2018-8800
18	- CVE-2018-20174
19	- CVE-2018-20177
20	- CVE-2018-20178
21	- CVE-2018-20179
22	- CVE-2018-20180
23	- CVE-2018-20181
24	- CVE-2018-20182
25	src:
26	6:
27	core:
28	- rdesktop-1.8.4-1.mga6
29	description: \|
30	rdesktop has been updated to fix multiple CVE's.
31	Fix memory corruption in process_bitmap_data - CVE-2018-8794
32	Fix remote code execution in process_bitmap_data - CVE-2018-8795
33	Fix remote code execution in process_plane - CVE-2018-8797
34	Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175
35	Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175
36	Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176
37	Fix Denial of Service in sec_recv - CVE-2018-20176
38	Fix minor information leak in rdpdr_process - CVE-2018-8791
39	Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792
40	Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793
41	Fix Denial of Service in process_bitmap_data - CVE-2018-8796
42	Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798
43	Fix Denial of Service in process_secondary_order - CVE-2018-8799
44	Fix remote code execution in in ui_clip_handle_data - CVE-2018-8800
45	Fix major information leak in ui_clip_handle_data - CVE-2018-20174
46	Fix memory corruption in rdp_in_unistr - CVE-2018-20177
47	Fix Denial of Service in process_demand_active - CVE-2018-20178
48	Fix remote code execution in lspci_process - CVE-2018-20179
49	Fix remote code execution in rdpsnddbg_process - CVE-2018-20180
50	Fix remote code execution in seamless_process - CVE-2018-20181
51	Fix remote code execution in seamless_process_line - CVE-2018-20182
52	references:
53	- https://bugs.mageia.org/show_bug.cgi?id=24192
54	- https://github.com/rdesktop/rdesktop/releases/tag/v1.8.4
55	ID: MGASA-2019-0041