Some vulnerabilities have been reported in rdesktop, which can be exploited by malicious people to compromise a user's system.
1) An integer underflow error in iso.c when processing RDP requests can be exploited to cause a heap-based buffer overflow.
2) An input validation error in rdp.c when processing RDP redirect requests can be exploited to cause a BSS-based buffer overflow.
3) A signedness error within "xrealloc()" in rdesktop.c can be exploited to cause a heap-based buffer overflow.
Successful exploitation allows execution of arbitrary code but requires that a user is tricked into connecting to a malicious RDP server.
The vulnerabilities are reported in version 1.5.0. Other versions may also be affected.
Fixed in the CVS repository.
Martin is retiring per bug #159513, so I bumped to the freshly released 1.6.0. It contains all the fixes "linked" above.
Arches, please test and mark stable:
Target keywords : "alpha amd64 hppa ia64 ppc ppc64 release sparc x86"
Stable for HPPA.
ia64 stable, Tobias will do alpha later today
Stable on alpha.
Fixed in release snapshot.