Package "freerdp-dbg"
Name: freerdp-dbg
Description: RDP client for Windows Terminal Services (debug)
Latest version: 1.0.2-2ubuntu1.2
Release: trusty (14.04)
Level: security
Repository: main
Head package: freerdp
Homepage: http://www.freerdp.com/
Changelog
freerdp (1.0.2-2ubuntu1.2) trusty-security; urgency=medium
* SECURITY UPDATE: Integer truncation in update_read_bitmap_update
- debian/patches/CVE-2018-8786.patch: Promote count to 32-bit integer
type to avoid integer truncation in libfreerdp-core/update.c. Based on
upstream patch.
- CVE-2018-8786
* SECURITY UPDATE: Integer overflow in gdi_Bitmap_Decompress
- debian/patches/CVE-2018-8787.patch: Check for and avoid possible
integer overflow in libfreerdp-gdi/graphics.c. Based on upstream
patch.
- CVE-2018-8787
-- Alex Murray <email address hidden> Tue, 11 Dec 2018 16:36:47 +1030

CVE-2018-8786: FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update()
CVE-2018-8787: FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and re

freerdp (1.0.2-2ubuntu1.1) trusty-security; urgency=medium
* SECURITY UPDATE: integer overflow in xf_Pointer_New
- debian/patches/CVE-2014-0250.patch: check width and height in
libfreerdp-core/fastpath.c, libfreerdp-core/rdp.*,
libfreerdp-core/update.*.
- CVE-2014-0250
* SECURITY UPDATE: integer overflow in license_read_scope_list
- debian/patches/CVE-2014-0791.patch: check length in
libfreerdp/core/license.*.
- CVE-2014-0791
* SECURITY UPDATE: out-of-bounds write in rdp_recv_tpkt_pdu
- debian/patches/CVE-2017-2835.patch: properly check length in
libfreerdp-core/info.c, libfreerdp-core/license.c,
libfreerdp-core/peer.c, libfreerdp-core/rdp.*,
libfreerdp-core/capabilities.c, libfreerdp-core/connection.c.
- CVE-2017-2835
* SECURITY UPDATE: rdp client read server proprietary certificate DoS
- debian/patches/CVE-2017-2836.patch: check keylen in
libfreerdp-core/certificate.c.
- CVE-2017-2836
* SECURITY UPDATE: rdp client gcc read server security data DoS
- debian/patches/CVE-2017-2837.patch: check lengths in
libfreerdp-core/gcc.c.
- CVE-2017-2837
* SECURITY UPDATE: rdp client license read product info DoS
- debian/patches/CVE-2017-2838.patch: check lengths in
libfreerdp-core/license.*.
- CVE-2017-2838
* SECURITY UPDATE: rdp client license read challenge packet DoS
- debian/patches/CVE-2017-2839.patch: add checks to
libfreerdp-core/license.*.
- CVE-2017-2839
-- Marc Deslauriers <email address hidden> Thu, 03 Aug 2017 07:55:30 -0400

CVE-2014-0250: Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to th
CVE-2014-0791: Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a d
CVE-2017-2835: Out-of-bounds write in rdp_recv_tpkt_pdu
CVE-2017-2836: Rdp Client Read Server Proprietary Certificate Denial of Service
CVE-2017-2837: Rdp Client GCC Read Server Security Data Denial of Service
CVE-2017-2838: Rdp Client License Read Product Info Denial of Service
CVE-2017-2839: Rdp Client License Read Challenge Packet Denial of Service