Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2019-2157

Опубликовано: 13 авг. 2019
Источник: oracle-oval
Платформа: Oracle Linux 7

Описание

ELSA-2019-2157: freerdp and vinagre security, bug fix, and enhancement update (LOW)

freerdp [2.0.0-1.rc4]

  • Update to 2.0.0-rc4 (#1291254)

vinagre [3.22.0-12]

  • Apply the patch
  • Resolves: #1569552

[3.22.0-11]

  • Set maximum length of RDP password to 255 characters
  • Resolves: #1569552

[3.22.0-10]

  • Make vinagre build with FreeRDP 2 library
  • Resolves: #1680229

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

freerdp

2.0.0-1.rc4.el7

freerdp-devel

2.0.0-1.rc4.el7

freerdp-libs

2.0.0-1.rc4.el7

libwinpr

2.0.0-1.rc4.el7

libwinpr-devel

2.0.0-1.rc4.el7

vinagre

3.22.0-12.el7

Oracle Linux x86_64

freerdp

2.0.0-1.rc4.el7

freerdp-devel

2.0.0-1.rc4.el7

freerdp-libs

2.0.0-1.rc4.el7

libwinpr

2.0.0-1.rc4.el7

libwinpr-devel

2.0.0-1.rc4.el7

vinagre

3.22.0-12.el7

Связанные CVE

CVE-2018-1000852

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2018-1000852

CVSS3: 6.5
ubuntu
около 7 лет назад

FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. This attack appear to be exploitable via RDPClient must connect the rdp server with echo option. This vulnerability appears to have been fixed in after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3.

redhat логотип

CVE-2018-1000852

CVSS3: 4.3
redhat
больше 7 лет назад

FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. This attack appear to be exploitable via RDPClient must connect the rdp server with echo option. This vulnerability appears to have been fixed in after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3.

nvd логотип

CVE-2018-1000852

CVSS3: 6.5
nvd
около 7 лет назад

FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. This attack appear to be exploitable via RDPClient must connect the rdp server with echo option. This vulnerability appears to have been fixed in after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3.

debian логотип

CVE-2018-1000852

CVSS3: 6.5
debian
около 7 лет назад

FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac ...

github логотип

GHSA-vr2x-32cg-pm8g

CVSS3: 6.5
github
больше 3 лет назад

FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. This attack appear to be exploitable via RDPClient must connect the rdp server with echo option. This vulnerability appears to have been fixed in after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3.