Description
Security update for freerdp
This update for freerdp fixes the following issues:
- CVE-2017-2834: Out-of-bounds write in license_recv() (bsc#1050714)
- CVE-2017-2835: Out-of-bounds write in rdp_recv_tpkt_pdu (bsc#1050712)
- CVE-2017-2836: Rdp Client Read Server Proprietary Certificate Denial of Service (bsc#1050699)
- CVE-2017-2837: Client GCC Read Server Security Data DoS (bsc#1050704)
- CVE-2017-2838: Client License Read Product Info Denial of Service Vulnerability (bsc#1050708)
- CVE-2017-2839: Client License Read Challenge Packet Denial of Service (bsc#1050711)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Package list
openSUSE Leap 42.2
openSUSE Leap 42.3
References
- E-Mail link for openSUSE-SU-2017:2332-1
- SUSE Security Ratings
Description
An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability.
Affected products
References
- CVE-2017-2834
- SUSE Bug 1050714
- SUSE Bug 1053919
Description
An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man-in-the-middle attack to trigger this vulnerability.
Affected products
References
- CVE-2017-2835
- SUSE Bug 1050712
- SUSE Bug 1053919
Description
An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause program termination, leading to a denial of service condition. An attacker can compromise the server or use a man-in-the-middle attack to trigger this vulnerability.
Affected products
References
- CVE-2017-2836
- SUSE Bug 1050699
- SUSE Bug 1053919
Description
An exploitable denial of service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause program termination, leading to a denial of service condition. An attacker can compromise the server or use a man-in-the-middle attack to trigger this vulnerability.
Affected products
References
- CVE-2017-2837
- SUSE Bug 1050704
- SUSE Bug 1050708
- SUSE Bug 1053919
Description
An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause program termination, leading to a denial of service condition. An attacker can compromise the server or use a man-in-the-middle attack to trigger this vulnerability.
Affected products
References
- CVE-2017-2838
- SUSE Bug 1050708
- SUSE Bug 1053919
Description
An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause program termination, leading to a denial of service condition. An attacker can compromise the server or use a man-in-the-middle attack to trigger this vulnerability.
Affected products
References
- CVE-2017-2839
- SUSE Bug 1050711
- SUSE Bug 1053919