Backport 1.8.4-1 from Disco to Bionic and Cosmic as a security update
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| rdesktop (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
Please backport 1.8.4-1 from Disco to Bionic and Cosmic as a security update. Debian 9 has already received 1.8.4 as a security update.
Upstream changelog:
Add rdp_protocol_error function that is used in several fixes
Refactor of process_
Fix possible integer overflow in s_check_rem() on 32bit arch
Fix memory corruption in process_bitmap_data - CVE-2018-8794
Fix remote code execution in process_bitmap_data - CVE-2018-8795
Fix remote code execution in process_plane - CVE-2018-8797
Fix Denial of Service in mcs_recv_
Fix Denial of Service in mcs_parse_
Fix Denial of Service in sec_parse_
Fix Denial of Service in sec_recv - CVE-2018-20176
Fix minor information leak in rdpdr_process - CVE-2018-8791
Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792
Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793
Fix Denial of Service in process_bitmap_data - CVE-2018-8796
Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798
Fix Denial of Service in process_
Fix remote code execution in in ui_clip_handle_data - CVE-2018-8800
Fix major information leak in ui_clip_handle_data - CVE-2018-20174
Fix memory corruption in rdp_in_unistr - CVE-2018-20177
Fix Denial of Service in process_
Fix remote code execution in lspci_process - CVE-2018-20179
Fix remote code execution in rdpsnddbg_process - CVE-2018-20180
Fix remote code execution in seamless_process - CVE-2018-20181
Fix remote code execution in seamless_
Fix building against OpenSSL 1.1
| information type: | Public → Public Security |
| Changed in rdesktop (Ubuntu): | |
| status: | New → Confirmed |
