UbuntuUpdates.org

Package "libfreerdp-server2-2"

Name: libfreerdp-server2-2

Description:

Free Remote Desktop Protocol library (server library)

Latest version: 2.2.0+dfsg1-0ubuntu0.18.04.4
Release: bionic (18.04)
Level: security
Repository: main
Head package: freerdp2
Homepage: http://www.freerdp.com/

Links


Download "libfreerdp-server2-2"


Other versions of "libfreerdp-server2-2" in Bionic

Repository Area Version
base main 2.0.0~git20170725.1.1648deb+dfsg1-7
updates main 2.2.0+dfsg1-0ubuntu0.18.04.4

Changelog

Version: 2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1 2018-12-12 12:07:09 UTC

  freerdp2 (2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Heap based buffer overflow in zgfx_decompress_segment
    - debian/patches/CVE-2018-8784.patch: Add checks to ensure not to overflow output
      buffer in libfreerdp/codec/zgfx.c. Based on upstream patch.
    - CVE-2018-8784
  * SECURITY UPDATE: Heap based buffer overflow in zgfx_decompress
    - debian/patches/CVE-2018-8785.patch: Add checks to ensure not to overflow output
      buffer in libfreerdp/codec/zgfx.c. Based on upstream patch.
    - CVE-2018-8785
  * SECURITY UPDATE: Integer truncation in update_read_bitmap_update
    - debian/patches/CVE-2018-8786.patch: Promote count to 32-bit integer
      type to avoid integer truncation in libfreerdp/core/update.c. Based on
      upstream patch.
    - CVE-2018-8786
  * SECURITY UPDATE: Integer overflow in gdi_Bitmap_Decompress
    - debian/patches/CVE-2018-8787.patch: Check for and avoid possible
      integer overflow in libfreerdp/gdi/graphics.c. Based on upstream
      patch.
    - CVE-2018-8787
  * SECURITY UPDATE: Buffer overflow in nsc_rle_decode
    - debian/patches/CVE-2018-8788.patch: Check for lengths and avoid
      possible buffer overflow overflow in libfreerdp/codec/nsc.c and
      libfreerdp/codec/nsc_encode.c. Based on upstream patch.
    - CVE-2018-8788
  * SECURITY UPDATE: Out-of-bounds read in ntlm_read_message_fields_buffer
    - debian/patches/CVE-2018-8789.patch: Ensure to use 64-bit integer
      type when checking offset against stream length in
      winpr/libwinpr/sspi/NTLM/ntlm_message.c. Based on upstream patch.
    - CVE-2018-8789

 -- Alex Murray <email address hidden> Mon, 10 Dec 2018 13:50:31 +1030

CVE-2018-8784 FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption an
CVE-2018-8785 FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probab
CVE-2018-8786 FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update()
CVE-2018-8787 FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and re
CVE-2018-8788 FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption
CVE-2018-8789 FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfau



About   -   Send Feedback to @ubuntu_updates