You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa freerdp

Sigurnosni nedostaci programskog paketa freerdp

openSUSE Security Update: Security update for freerdp
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:0096-1
Rating: important
References: #1085416 #1087240 #1104918 #1116708 #1117963
#1117964 #1117965 #1117966 #1117967 #1120507

Cross-References: CVE-2018-0886 CVE-2018-1000852 CVE-2018-8784
CVE-2018-8785 CVE-2018-8786 CVE-2018-8787
CVE-2018-8788 CVE-2018-8789
Affected Products:
openSUSE Leap 42.3
______________________________________________________________________________

An update that solves 8 vulnerabilities and has two fixes
is now available.

Description:

This update for freerdp fixes the following issues:

Security issues fixed:

– CVE-2018-0886: Fix a remote code execution vulnerability (CredSSP)
(bsc#1085416, bsc#1087240, bsc#1104918)
– CVE-2018-8789: Fix several denial of service vulnerabilities in the in
the NTLM Authentication module (bsc#1117965)
– CVE-2018-8785: Fix a potential remote code execution vulnerability in
the zgfx_decompress function (bsc#1117967)
– CVE-2018-8786: Fix a potential remote code execution vulnerability in
the update_read_bitmap_update function (bsc#1117966)
– CVE-2018-8787: Fix a potential remote code execution vulnerability in
the gdi_Bitmap_Decompress function (bsc#1117964)
– CVE-2018-8788: Fix a potential remote code execution vulnerability in
the nsc_rle_decode function (bsc#1117963)
– CVE-2018-8784: Fix a potential remote code execution vulnerability in
the zgfx_decompress_segment function (bsc#1116708)
– CVE-2018-1000852: Fixed a remote memory access in the
drdynvc_process_capability_request function (bsc#1120507)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-96=1

Package List:

– openSUSE Leap 42.3 (i586 x86_64):

freerdp-2.0.0~git.1463131968.4e66df7-13.1
freerdp-debuginfo-2.0.0~git.1463131968.4e66df7-13.1
freerdp-debugsource-2.0.0~git.1463131968.4e66df7-13.1
freerdp-devel-2.0.0~git.1463131968.4e66df7-13.1
libfreerdp2-2.0.0~git.1463131968.4e66df7-13.1
libfreerdp2-debuginfo-2.0.0~git.1463131968.4e66df7-13.1

References:

https://www.suse.com/security/cve/CVE-2018-0886.html
https://www.suse.com/security/cve/CVE-2018-1000852.html
https://www.suse.com/security/cve/CVE-2018-8784.html
https://www.suse.com/security/cve/CVE-2018-8785.html
https://www.suse.com/security/cve/CVE-2018-8786.html
https://www.suse.com/security/cve/CVE-2018-8787.html
https://www.suse.com/security/cve/CVE-2018-8788.html
https://www.suse.com/security/cve/CVE-2018-8789.html
https://bugzilla.suse.com/1085416
https://bugzilla.suse.com/1087240
https://bugzilla.suse.com/1104918
https://bugzilla.suse.com/1116708
https://bugzilla.suse.com/1117963
https://bugzilla.suse.com/1117964
https://bugzilla.suse.com/1117965
https://bugzilla.suse.com/1117966
https://bugzilla.suse.com/1117967
https://bugzilla.suse.com/1120507


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libraw

Otkriveni su sigurnosni nedostaci programske biblioteke libraw za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja. Savjetuje...

Close