MGASA-2019-0012

See a problem?
Please try reporting it to the source first.
Source
https://advisories.mageia.org/MGASA-2019-0012.html
Import Source
https://advisories.mageia.org/MGASA-2019-0012.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2019-0012
Related
Published
2019-01-05T18:30:16Z
Modified
2019-01-05T18:04:04Z
Summary
Updated freerdp packages fix security vulnerabilities
Details

Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2018-8784, CVE-2018-8785).

Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2018-8786, CVE-2018-8787).

Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2018-8788).

Eyal Itkin discovered FreeRDP incorrectly handled NTLM authentication. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2018-8789).

References
Credits

Affected packages

Mageia:6 / freerdp

Package

Name
freerdp
Purl
pkg:rpm/mageia/freerdp?distro=mageia-6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.0-0.rc4.1.mga6

Ecosystem specific 

{
    "section": "core"
}