 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Mon, 28 Jul 2008 16:13:49 -0500 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
Synopsis: Moderate: rdesktop security and bug fix update
Issue date: 2008-04-16
CVE Names: CVE-2008-1801
An integer underflow vulnerability was discovered in the rdesktop. If an
attacker could convince a victim to connect to a malicious RDP server, the
attacker could cause the victim's rdesktop to crash or, possibly, execute
an arbitrary code. (CVE-2008-1801)
Additionally, the following bug was fixed:
A missing command line option caused rdesktop to fail when using the krdc
remote desktop utility. Using krdc to connect to a terminal server resulted
in errors such as the following:
The version of rdesktop you are using ([version]) is too old:
rdesktop [version] or greater is required. A working patch for rdesktop
[version] can be found in KDE CVS.
In this updated package, krdc successfully connects to terminal servers.
SL 4.x
SRPMS:
rdesktop-1.3.1-9.src.rpm
i386:
rdesktop-1.3.1-9.i386.rpm
x86_64:
rdesktop-1.3.1-9.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|
