Description
Security update for freerdp
This update for freerdp fixes the following issues:
- CVE-2017-2834: Out-of-bounds write in license_recv() (bsc#1050714)
- CVE-2017-2835: Out-of-bounds write in rdp_recv_tpkt_pdu (bsc#1050712)
- CVE-2017-2836: Rdp Client Read Server Proprietary Certificate Denial of Service (bsc#1050699)
- CVE-2017-2837: Client GCC Read Server Security Data DoS (bsc#1050704)
- CVE-2017-2838: Client License Read Product Info Denial of Service Vulnerability (bsc#1050708)
- CVE-2017-2839: Client License Read Challenge Packet Denial of Service (bsc#1050711)
Package list
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP3
SUSE Linux Enterprise Workstation Extension 12 SP2
SUSE Linux Enterprise Workstation Extension 12 SP3
References
- Link for SUSE-SU-2017:2234-1
- E-Mail link for SUSE-SU-2017:2234-1
- SUSE Security Ratings
- SUSE Bug 1050699
- SUSE Bug 1050704
- SUSE Bug 1050708
- SUSE Bug 1050711
- SUSE Bug 1050712
- SUSE Bug 1050714
- SUSE CVE CVE-2017-2834 page
- SUSE CVE CVE-2017-2835 page
- SUSE CVE CVE-2017-2836 page
- SUSE CVE CVE-2017-2837 page
- SUSE CVE CVE-2017-2838 page
- SUSE CVE CVE-2017-2839 page
Description
An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write, resulting in an exploitable condition. An attacker can compromise the server or use a man-in-the-middle attack to trigger this vulnerability.
Affected products
References
- CVE-2017-2834
- SUSE Bug 1050714
- SUSE Bug 1053919
Description
An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write, resulting in an exploitable condition. An attacker can compromise the server or use a man-in-the-middle attack to trigger this vulnerability.
Affected products
References
- CVE-2017-2835
- SUSE Bug 1050712
- SUSE Bug 1053919
Description
An exploitable denial-of-service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause program termination, leading to a denial-of-service condition. An attacker can compromise the server or use a man-in-the-middle attack to trigger this vulnerability.
Affected products
References
- CVE-2017-2836
- SUSE Bug 1050699
- SUSE Bug 1053919
Description
An exploitable denial-of-service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause program termination, leading to a denial-of-service condition. An attacker can compromise the server or use a man-in-the-middle attack to trigger this vulnerability.
Affected products
References
- CVE-2017-2837
- SUSE Bug 1050704
- SUSE Bug 1050708
- SUSE Bug 1053919
Description
An exploitable denial-of-service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause program termination, leading to a denial-of-service condition. An attacker can compromise the server or use a man-in-the-middle attack to trigger this vulnerability.
Affected products
References
- CVE-2017-2838
- SUSE Bug 1050708
- SUSE Bug 1053919
Description
An exploitable denial-of-service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause program termination, leading to a denial-of-service condition. An attacker can compromise the server or use a man-in-the-middle attack to trigger this vulnerability.
Affected products
References
- CVE-2017-2839
- SUSE Bug 1050711
- SUSE Bug 1053919