Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=homepage-ng.git;a=commitdiff;h=3961db49fd6da7e0cfb400a4f2bac1b4d50e91ad
commit 3961db49fd6da7e0cfb400a4f2bac1b4d50e91ad Author: Miklos Vajna <[EMAIL PROTECTED]> Date: Tue May 20 13:24:28 2008 +0200 FSA449-rdesktop diff --git a/frugalware/xml/security.xml b/frugalware/xml/security.xml index 685b44a..a19d4e2 100644 --- a/frugalware/xml/security.xml +++ b/frugalware/xml/security.xml @@ -26,6 +26,22 @@ <fsas> <fsa> + <id>449</id> + <date>2008-05-20</date> + <package>rdesktop</package> + <vulnerable>1.5.0-2</vulnerable> + <unaffected>1.6.0-1kalgan1</unaffected> + <bts>http://bugs.frugalware.org/task/3078</bts> + <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1801 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1802 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1803</cve> + <desc>Some vulnerabilities have been reported in rdesktop, which can be exploited by malicious people to compromise a user's system. + 1) An integer underflow error in iso.c when processing RDP requests can be exploited to cause a heap-based buffer overflow. + 2) An input validation error in rdp.c when processing RDP redirect requests can be exploited to cause a BSS-based buffer overflow. + 3) A signedness error within "xrealloc()" in rdesktop.c can be exploited to cause a heap-based buffer overflow. + Successful exploitation allows execution of arbitrary code but requires that a user is tricked into connecting to a malicious RDP server.</desc> + </fsa> + <fsa> <id>448</id> <date>2008-05-20</date> <package>php</package> _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
