Publishing details
Changelog
freerdp2 (2.0.0~git20180411.1.7a7b1802+dfsg1-2ubuntu0.1) cosmic-security; urgency=medium
* SECURITY UPDATE: Heap based buffer overflow in zgfx_decompress_segment
- debian/patches/CVE-2018-8784.patch: Add checks to ensure not to overflow output
buffer in libfreerdp/codec/zgfx.c. Based on upstream patch.
- CVE-2018-8784
* SECURITY UPDATE: Heap based buffer overflow in zgfx_decompress
- debian/patches/CVE-2018-8785.patch: Add checks to ensure not to overflow output
buffer in libfreerdp/codec/zgfx.c. Based on upstream patch.
- CVE-2018-8785
* SECURITY UPDATE: Integer truncation in update_read_bitmap_update
- debian/patches/CVE-2018-8786.patch: Promote count to 32-bit integer
type to avoid integer truncation in libfreerdp/core/update.c. Based on
upstream patch.
- CVE-2018-8786
* SECURITY UPDATE: Integer overflow in gdi_Bitmap_Decompress
- debian/patches/CVE-2018-8787.patch: Check for and avoid possible
integer overflow in libfreerdp/gdi/graphics.c. Based on upstream
patch.
- CVE-2018-8787
* SECURITY UPDATE: Buffer overflow in nsc_rle_decode
- debian/patches/CVE-2018-8788.patch: Check for lengths and avoid
possible buffer overflow overflow in libfreerdp/codec/nsc.c and
libfreerdp/codec/nsc_encode.c. Based on upstream patch.
- CVE-2018-8788
* SECURITY UPDATE: Out-of-bounds read in ntlm_read_message_fields_buffer
- debian/patches/CVE-2018-8789.patch: Ensure to use 64-bit integer
type when checking offset against stream length in
winpr/libwinpr/sspi/NTLM/ntlm_message.c. Based on upstream patch.
- CVE-2018-8789
-- Alex Murray <email address hidden> Mon, 10 Dec 2018 21:21:01 +1030
Builds
Package files