openSUSE-SU-2019:2135-1

This update for rdesktop fixes the following issues:

rdesktop was updated to 1.8.6:

• Fix protocol code handling new licenses

rdesktop was updated to 1.8.5:

• Add bounds checking to protocol handling in order to fix many security problems when communicating with a malicious server.

rdesktop was updated to 1.8.4 (fix for boo#1121448):

• Add rdpprotocolerror function that is used in several fixes
• Refactor of processbitmapupdates
• Fix possible integer overflow in scheckrem() on 32bit arch
• Fix memory corruption in processbitmapdata - CVE-2018-8794
• Fix remote code execution in processbitmapdata - CVE-2018-8795
• Fix remote code execution in process_plane - CVE-2018-8797
• Fix Denial of Service in mcsrecvconnect_response - CVE-2018-20175
• Fix Denial of Service in mcsparsedomain_params - CVE-2018-20175
• Fix Denial of Service in secparsecrypt_info - CVE-2018-20176
• Fix Denial of Service in sec_recv - CVE-2018-20176
• Fix minor information leak in rdpdr_process - CVE-2018-8791
• Fix Denial of Service in csspreadtsrequest - CVE-2018-8792
• Fix remote code execution in csspreadtsrequest - CVE-2018-8793
• Fix Denial of Service in processbitmapdata - CVE-2018-8796
• Fix minor information leak in rdpsndprocessping - CVE-2018-8798
• Fix Denial of Service in processsecondaryorder - CVE-2018-8799
• Fix remote code execution in in uicliphandle_data - CVE-2018-8800
• Fix major information leak in uicliphandle_data - CVE-2018-20174
• Fix memory corruption in rdpinunistr - CVE-2018-20177
• Fix Denial of Service in processdemandactive - CVE-2018-20178
• Fix remote code execution in lspci_process - CVE-2018-20179
• Fix remote code execution in rdpsnddbg_process - CVE-2018-20180
• Fix remote code execution in seamless_process - CVE-2018-20181
• Fix remote code execution in seamlessprocessline - CVE-2018-20182
• Fix building against OpenSSL 1.1
• remove obsolete patches
• rdesktop-Fix-OpenSSL-1.1-compability-issues.patch

• rdesktop-Fix-crash-in-rdsslcertto_rkey.patch

• update changes file

• add missing info about bugzilla 1121448

• Added rdesktop-Fix-decryption.patch Patch from https://github.com/rdesktop/rdesktop/pull/334 to fix connections to VirtualBox.

• update to 1.8.6

• Fix protocol code handling new licenses

• update to 1.8.5

• Add bounds checking to protocol handling in order to fix many security problems when communicating with a malicious server.

• Trim redundant wording from description.

• Use %make_install.

• update to 1.8.4 (fix for boo#1121448)

• Add rdpprotocolerror function that is used in several fixes
• Refactor of processbitmapupdates
• Fix possible integer overflow in scheckrem() on 32bit arch
• Fix memory corruption in processbitmapdata - CVE-2018-8794
• Fix remote code execution in processbitmapdata - CVE-2018-8795
• Fix remote code execution in process_plane - CVE-2018-8797
• Fix Denial of Service in mcsrecvconnect_response - CVE-2018-20175
• Fix Denial of Service in mcsparsedomain_params - CVE-2018-20175
• Fix Denial of Service in secparsecrypt_info - CVE-2018-20176
• Fix Denial of Service in sec_recv - CVE-2018-20176
• Fix minor information leak in rdpdr_process - CVE-2018-8791
• Fix Denial of Service in csspreadtsrequest - CVE-2018-8792
• Fix remote code execution in csspreadtsrequest - CVE-2018-8793
• Fix Denial of Service in processbitmapdata - CVE-2018-8796
• Fix minor information leak in rdpsndprocessping - CVE-2018-8798
• Fix Denial of Service in processsecondaryorder - CVE-2018-8799
• Fix remote code execution in in uicliphandle_data - CVE-2018-8800
• Fix major information leak in uicliphandle_data - CVE-2018-20174
• Fix memory corruption in rdpinunistr - CVE-2018-20177
• Fix Denial of Service in processdemandactive - CVE-2018-20178
• Fix remote code execution in lspci_process - CVE-2018-20179
• Fix remote code execution in rdpsnddbg_process - CVE-2018-20180
• Fix remote code execution in seamless_process - CVE-2018-20181
• Fix remote code execution in seamlessprocessline - CVE-2018-20182
• Fix building against OpenSSL 1.1