Synopsis:	Moderate: rdesktop security and bug fix update
Issue date:	2008-04-16
CVE Names:	CVE-2008-1801

An integer underflow vulnerability was discovered in the rdesktop. If an
attacker could convince a victim to connect to a malicious RDP server, the
attacker could cause the victim's rdesktop to crash or, possibly, execute
an arbitrary code. (CVE-2008-1801)

Additionally, the following bug was fixed:

A missing command line option caused rdesktop to fail when using the krdc
remote desktop utility. Using krdc to connect to a terminal server resulted
in errors such as the following:

The version of rdesktop you are using ([version]) is too old:

rdesktop [version] or greater is required. A working patch for rdesktop
[version] can be found in KDE CVS.

In this updated package, krdc successfully connects to terminal servers.

SL 4.x

    SRPMS:
rdesktop-1.3.1-9.src.rpm
    i386:
rdesktop-1.3.1-9.i386.rpm
    x86_64:
rdesktop-1.3.1-9.x86_64.rpm

-Connie Sieh
-Troy Dawson