Scientific Linux alert SLSA-2019:0697-1 (freerdp)


From:
               Scott Reid <svreid@fnal.gov> 
To:
               <scientific-linux-errata@listserv.fnal.gov> 
Subject:
               Security ERRATA Important: freerdp on SL7.x x86_64 
Date:
               Tue, 2 Apr 2019 16:41:56 +0000
Message-ID:
               <20190402164156.22684.86938@slpackages.fnal.gov>
Synopsis: Important: freerdp security update
Advisory ID:       SLSA-2019:0697-1
Issue Date:        2019-04-02
CVE Numbers:       CVE-2018-8786
                   CVE-2018-8787
                   CVE-2018-8788
--

Security Fix(es):

* freerdp: Integer truncation leading to heap-based buffer overflow in
update_read_bitmap_update() function (CVE-2018-8786)

* freerdp: Integer overflow leading to heap-based buffer overflow in
gdi_Bitmap_Decompress() function (CVE-2018-8787)

* freerdp: Out-of-bounds write in nsc_rle_decode() function
(CVE-2018-8788)
--

SL7
  x86_64
    freerdp-1.0.2-15.el7_6.1.x86_64.rpm
    freerdp-debuginfo-1.0.2-15.el7_6.1.i686.rpm
    freerdp-debuginfo-1.0.2-15.el7_6.1.x86_64.rpm
    freerdp-libs-1.0.2-15.el7_6.1.i686.rpm
    freerdp-libs-1.0.2-15.el7_6.1.x86_64.rpm
    freerdp-plugins-1.0.2-15.el7_6.1.x86_64.rpm
    freerdp-devel-1.0.2-15.el7_6.1.i686.rpm
    freerdp-devel-1.0.2-15.el7_6.1.x86_64.rpm

- Scientific Linux Development Team

From:		Scott Reid <svreid@fnal.gov>
To:		<scientific-linux-errata@listserv.fnal.gov>
Subject:		Security ERRATA Important: freerdp on SL7.x x86_64
Date:		Tue, 2 Apr 2019 16:41:56 +0000
Message-ID:		<20190402164156.22684.86938@slpackages.fnal.gov>