|
|
| Problem Description |
Several vulnerabilities were discovered in rdesktop, a Remote Desktop
Protocol client.
An integer underflow vulnerability allowed attackers to cause a
denial of service (crash) and possibly execute arbitrary code with
the privileges of the logged-in user (CVE-2008-1801).
A buffer overflow vulnerability allowed attackers to execute arbitrary
code with the privileges of the logged-in user (CVE-2008-1802).
An integer signedness vulnerability allowed attackers to
execute arbitrary code with the privileges of the logged-in user
(CVE-2008-1803).
In order for these vulnerabilities to be exploited, an attacker must
persuade a targeted user to connect to a malicious RDP server.
The updated packages have been patched to correct these issues.
| Updated Packages |
Corporate Server 4.0
51418206cc2473da8e5cd2382be3c0e2 corporate/4.0/i586/rdesktop-1.4.1-1.1.20060mlcs4.i586.rpm a8292c842bc727ca14bdfc454debfd58 corporate/4.0/SRPMS/rdesktop-1.4.1-1.1.20060mlcs4.src.rpm
Corporate Server 4.0/X86_64
14df9b9cc7c73d6ab2a11dafa3e08a13 corporate/4.0/x86_64/rdesktop-1.4.1-1.1.20060mlcs4.x86_64.rpm a8292c842bc727ca14bdfc454debfd58 corporate/4.0/SRPMS/rdesktop-1.4.1-1.1.20060mlcs4.src.rpm
Mandriva Linux 2007.1
c2479d8376d88be833aa8f955c2c1dab 2007.1/i586/rdesktop-1.5.0-1.2mdv2007.1.i586.rpm e5f1b4ec2271ff281deb72ca8b868140 2007.1/SRPMS/rdesktop-1.5.0-1.2mdv2007.1.src.rpm
Mandriva Linux 2007.1/X86_64
5476b145af183bba4c4959ab1536696d 2007.1/x86_64/rdesktop-1.5.0-1.2mdv2007.1.x86_64.rpm e5f1b4ec2271ff281deb72ca8b868140 2007.1/SRPMS/rdesktop-1.5.0-1.2mdv2007.1.src.rpm
Mandriva Linux 2008.0
80a8efe2616d7e8b66914505901a4895 2008.0/i586/rdesktop-1.5.0-3.1mdv2008.0.i586.rpm 837469cc175b5a48694dbd66b7eedc11 2008.0/SRPMS/rdesktop-1.5.0-3.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64
4930b6ec7d4e565e4f06a6b2a090f34c 2008.0/x86_64/rdesktop-1.5.0-3.1mdv2008.0.x86_64.rpm 837469cc175b5a48694dbd66b7eedc11 2008.0/SRPMS/rdesktop-1.5.0-3.1mdv2008.0.src.rpm
Mandriva Linux 2008.1
3d690f988c35ec2345928339619f6abd 2008.1/i586/rdesktop-1.5.0-4.1mdv2008.1.i586.rpm ab205bea3e169673599c18d05d8d59a9 2008.1/SRPMS/rdesktop-1.5.0-4.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64
f41256a3643c67c77a5d83dc2683fdb3 2008.1/x86_64/rdesktop-1.5.0-4.1mdv2008.1.x86_64.rpm ab205bea3e169673599c18d05d8d59a9 2008.1/SRPMS/rdesktop-1.5.0-4.1mdv2008.1.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1803
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.