Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2016:2506-1

Опубликовано: 12 окт. 2016
Источник: suse-cvrf

Описание

Security update for freerdp

This update for freerdp fixes the following issues:

  • CVE-2013-4118: Added a NULL pointer check to fix a server crash (bsc#829013).
  • CVE-2014-0791: Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP allowed remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet. (bsc#857491)
  • CVE-2014-0250: Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allowed remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated. (bsc#880317)

Список пакетов

SUSE Linux Enterprise Desktop 12 SP1
freerdp-1.0.2-9.1
libfreerdp-1_0-1.0.2-9.1
libfreerdp-1_0-plugins-1.0.2-9.1
SUSE Linux Enterprise Software Development Kit 12 SP1
freerdp-devel-1.0.2-9.1
libfreerdp-1_0-1.0.2-9.1
SUSE Linux Enterprise Workstation Extension 12 SP1
freerdp-1.0.2-9.1
libfreerdp-1_0-1.0.2-9.1
libfreerdp-1_0-plugins-1.0.2-9.1

Ссылки

Описание

FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:freerdp-1.0.2-9.1
SUSE Linux Enterprise Desktop 12 SP1:libfreerdp-1_0-1.0.2-9.1
SUSE Linux Enterprise Desktop 12 SP1:libfreerdp-1_0-plugins-1.0.2-9.1
SUSE Linux Enterprise Software Development Kit 12 SP1:freerdp-devel-1.0.2-9.1
Ссылки

Описание

Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:freerdp-1.0.2-9.1
SUSE Linux Enterprise Desktop 12 SP1:libfreerdp-1_0-1.0.2-9.1
SUSE Linux Enterprise Desktop 12 SP1:libfreerdp-1_0-plugins-1.0.2-9.1
SUSE Linux Enterprise Software Development Kit 12 SP1:freerdp-devel-1.0.2-9.1
Ссылки

Описание

Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:freerdp-1.0.2-9.1
SUSE Linux Enterprise Desktop 12 SP1:libfreerdp-1_0-1.0.2-9.1
SUSE Linux Enterprise Desktop 12 SP1:libfreerdp-1_0-plugins-1.0.2-9.1
SUSE Linux Enterprise Software Development Kit 12 SP1:freerdp-devel-1.0.2-9.1
Ссылки