|
|
Subscribe / Log in / New account

Mageia alert MGASA-2014-0287 (freerdp)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2014-0287: Updated freerdp packages fix two vulnerabilities 


Date:
    	      Wed, 9 Jul 2014 00:41:12 +0200


Message-ID:
    	      <20140708224112.9836F5AFBD@valstar.mageia.org>


MGASA-2014-0287 - Updated freerdp packages fix two vulnerabilities

Publication date: 08 Jul 2014
URL: http://advisories.mageia.org/MGASA-2014-0287.html
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-0250,
     CVE-2014-0791

Description:
Updated freerdp packages fix security vulnerabilities:

Integer overflows in memory allocations in client/X11/xf_graphics.c in FreeRDP
through 1.0.2 allows remote RDP servers to have an unspecified impact through
unspecified vectors (CVE-2014-0250).

Integer overflow in the license_read_scope_list function in
libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers
to cause a denial of service (application crash) or possibly have unspecified
other impact via a large ScopeCount value in a Scope List in a Server License
Request packet (CVE-2014-0791).

References:
- http://lists.opensuse.org/opensuse-updates/2014-07/msg000...
- https://bugs.mageia.org/show_bug.cgi?id=13444
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0250
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0791

SRPMS:
- 4/core/freerdp-1.0.2-2.1.mga4
- 3/core/freerdp-1.0.1-2.1.mga3
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds