*** This bug is a security vulnerability ***
Public security bug reported:
Please backport 1.8.4-1 from Disco to Bionic and Cosmic as a security
update. Debian 9 has already received 1.8.4 as a security update.
Upstream changelog:
Add rdp_protocol_error function that is used in several fixes
Refactor of process_bitmap_updates
Fix possible integer overflow in s_check_rem() on 32bit arch
Fix memory corruption in process_bitmap_data - CVE-2018-8794
Fix remote code execution in process_bitmap_data - CVE-2018-8795
Fix remote code execution in process_plane - CVE-2018-8797
Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175
Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175
Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176
Fix Denial of Service in sec_recv - CVE-2018-20176
Fix minor information leak in rdpdr_process - CVE-2018-8791
Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792
Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793
Fix Denial of Service in process_bitmap_data - CVE-2018-8796
Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798
Fix Denial of Service in process_secondary_order - CVE-2018-8799
Fix remote code execution in in ui_clip_handle_data - CVE-2018-8800
Fix major information leak in ui_clip_handle_data - CVE-2018-20174
Fix memory corruption in rdp_in_unistr - CVE-2018-20177
Fix Denial of Service in process_demand_active - CVE-2018-20178
Fix remote code execution in lspci_process - CVE-2018-20179
Fix remote code execution in rdpsnddbg_process - CVE-2018-20180
Fix remote code execution in seamless_process - CVE-2018-20181
Fix remote code execution in seamless_process_line - CVE-2018-20182
Fix building against OpenSSL 1.1
** Affects: rdesktop (Ubuntu)
Importance: Undecided
Status: New
** Tags: bionic cosmic
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-8794
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-8795
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-8797
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20175
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20176
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-8791
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-8792
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-8793
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-8796
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-8798
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-8799
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-8800
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20174
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20177
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20178
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20179
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20180
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20181
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20182
** Information type changed from Public to Public Security
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1817415
Title:
Backport 1.8.4-1 from Disco to Bionic and Cosmic as a security update
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rdesktop/+bug/1817415/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
