Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 674558 (CVE-2018-20174, CVE-2018-20175, CVE-2018-20176, CVE-2018-20177, CVE-2018-20178, CVE-2018-20179, CVE-2018-20180, CVE-2018-20181, CVE-2018-20182, CVE-2018-8791, CVE-2018-8792, CVE-2018-8793, CVE-2018-8794, CVE-2018-8795, CVE-2018-8796, CVE-2018-8797, CVE-2018-8798, CVE-2018-8799, CVE-2018-8800)

Summary: <net-misc/rdesktop-1.8.4-r1: multiple vulnerabilities
Product: Gentoo Security Reporter: Bernard Cafarelli <voyageur>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: voyageur
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://groups.google.com/forum/#!topic/rdesktop-announce/gBtD1Rxt3B4
Whiteboard: B2 [glsa+ cve]
Package list:
net-misc/rdesktop-1.8.4-r1
Runtime testing required: ---

Description Bernard Cafarelli gentoo-dev 2019-01-04 22:58:52 UTC
This release includes fixes for a set of 21 vulnerabilities in rdesktop
when a malicious RDP server is used. All vulnerabilities was identified
and reported by Eyal Itkin.

Latest stable version source is available for downloaded here [1].

[1] https://github.com/rdesktop/rdesktop/releases/latest

ChangeLog:
  * Add rdp_protocol_error function that is used in several fixes
  * Refactor of process_bitmap_updates
  * Fix possible integer overflow in s_check_rem() on 32bit arch
  * Fix memory corruption in process_bitmap_data - CVE-2018-8794
  * Fix remote code execution in process_bitmap_data - CVE-2018-8795
  * Fix remote code execution in process_plane - CVE-2018-8797
  * Fix Denial of Service in mcs_recv_connect_response - CVE-2018-20175
  * Fix Denial of Service in mcs_parse_domain_params - CVE-2018-20175
  * Fix Denial of Service in sec_parse_crypt_info - CVE-2018-20176
  * Fix Denial of Service in sec_recv - CVE-2018-20176
  * Fix minor information leak in rdpdr_process - CVE-2018-8791
  * Fix Denial of Service in cssp_read_tsrequest - CVE-2018-8792
  * Fix remote code execution in cssp_read_tsrequest - CVE-2018-8793
  * Fix Denial of Service in process_bitmap_data - CVE-2018-8796
  * Fix minor information leak in rdpsnd_process_ping - CVE-2018-8798
  * Fix Denial of Service in process_secondary_order - CVE-2018-8799
  * Fix remote code execution in in ui_clip_handle_data - CVE-2018-8800
  * Fix major information leak in ui_clip_handle_data - CVE-2018-20174
  * Fix memory corruption in rdp_in_unistr - CVE-2018-20177
  * Fix Denial of Service in process_demand_active - CVE-2018-20178
  * Fix remote code execution in lspci_process - CVE-2018-20179
  * Fix remote code execution in rdpsnddbg_process - CVE-2018-20180
  * Fix remote code execution in seamless_process - CVE-2018-20181
  * Fix remote code execution in seamless_process_line - CVE-2018-20182
  * Fix building against OpenSSL 1.1
Comment 2 Agostino Sarubbo gentoo-dev 2019-02-19 20:21:41 UTC
amd64 stable
Comment 3 Sergei Trofimovich (RETIRED) gentoo-dev 2019-02-23 20:49:21 UTC
ia64 stable
Comment 4 Sergei Trofimovich (RETIRED) gentoo-dev 2019-02-23 21:00:12 UTC
ppc64 stable
Comment 5 Sergei Trofimovich (RETIRED) gentoo-dev 2019-02-23 21:02:33 UTC
ppc stable
Comment 6 Thomas Deutschmann (RETIRED) gentoo-dev 2019-02-24 19:02:22 UTC
x86 stable
Comment 7 Rolf Eike Beer archtester 2019-02-26 20:37:24 UTC
sparc stable
Comment 8 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-03-02 15:30:54 UTC
arm stable
Comment 9 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-03-10 15:34:16 UTC
alpha stable
Comment 10 Aaron Bauman (RETIRED) gentoo-dev 2019-03-10 19:29:39 UTC
@maintainer, please clean vulnerable.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2019-03-10 20:46:17 UTC
This issue was resolved and addressed in
 GLSA 201903-06 at https://security.gentoo.org/glsa/201903-06
by GLSA coordinator Aaron Bauman (b-man).
Comment 12 Aaron Bauman (RETIRED) gentoo-dev 2019-03-10 20:46:49 UTC
re-opened for cleanup
Comment 13 Bernard Cafarelli gentoo-dev 2019-03-11 07:48:57 UTC
All affected versions removed from tree
Comment 14 Larry the Git Cow gentoo-dev 2019-03-11 07:49:37 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e745dcaa8b9020f635aee9d6aec03c8e46ddbd56

commit e745dcaa8b9020f635aee9d6aec03c8e46ddbd56
Author:     Bernard Cafarelli <voyageur@gentoo.org>
AuthorDate: 2019-03-11 07:48:18 +0000
Commit:     Bernard Cafarelli <voyageur@gentoo.org>
CommitDate: 2019-03-11 07:49:29 +0000

    net-misc/rdesktop: drop vulnerable versions
    
    Bug: https://bugs.gentoo.org/674558
    Package-Manager: Portage-2.3.62, Repoman-2.3.12
    Signed-off-by: Bernard Cafarelli <voyageur@gentoo.org>

 net-misc/rdesktop/Manifest                         |   1 -
 .../files/rdesktop-1.7.0-libao_crash.patch         |  18 ---
 .../files/rdesktop-1.8.3-openssl-1.1.patch         | 125 ---------------------
 net-misc/rdesktop/rdesktop-1.8.3-r1.ebuild         |  74 ------------
 net-misc/rdesktop/rdesktop-1.8.3-r2.ebuild         |  76 -------------
 net-misc/rdesktop/rdesktop-1.8.3-r3.ebuild         |  70 ------------
 net-misc/rdesktop/rdesktop-1.8.3.ebuild            |  74 ------------
 net-misc/rdesktop/rdesktop-1.8.4.ebuild            |  69 ------------
 8 files changed, 507 deletions(-)
Comment 15 Yury German Gentoo Infrastructure gentoo-dev 2019-03-11 15:33:28 UTC
Arches and Maintainer(s), Thank you for your work.