Package name
rdesktop
Date
2011-05-28
Advisory ID
MDVSA-2011:102
Affected versions
2009.0 x86_64, MES5 i586, 2010.1 i586, 2009.0 i586, CS4.0 i586, CS4.0 x86_64, MES5 x86_64, 2010.1 x86_64

Problem description

A vulnerability has been identified and fixed in rdesktop:

Directory traversal vulnerability in the disk_create function in
disk.c in rdesktop before 1.7.0, when disk redirection is enabled,
allows remote RDP servers to read or overwrite arbitrary files via
a .. (dot dot) in a pathname (CVE-2011-1595).
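
An added example, not rdesktop's code or its patch: a component-wise check that a client with disk redirection could apply to a server-supplied path before touching the filesystem. The function names path_is_confined and build_local_path and the /srv/share root are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not rdesktop's code): returns 1 when a server-supplied
 * path has no ".." component, 0 otherwise. Both '/' and '\\' count as
 * separators because RDP servers send Windows-style paths. */
static int path_is_confined(const char *path)
{
    const char *p = path;

    while (*p != '\0') {
        size_t len = strcspn(p, "/\\");   /* length of the next component */

        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;                     /* ".." could climb out of the share */
        p += len;
        if (*p != '\0')
            p++;                          /* step over the separator */
    }
    return 1;
}

/* Joins the share root and the requested path into out. Returns 0 on success,
 * -1 when the request is rejected or the result does not fit. */
static int build_local_path(const char *root, const char *requested,
                            char *out, size_t outlen)
{
    int n;

    if (!path_is_confined(requested))
        return -1;
    n = snprintf(out, outlen, "%s/%s", root, requested);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;   /* refuse truncation */
}

int main(void)
{
    /* Constructed sample requests, not taken from a real session. */
    const char *samples[] = { "docs/report.txt", "..\\..\\outside.txt",
                              "docs/../../outside.txt", "a..b/file" };
    char buf[256];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int ok = build_local_path("/srv/share", samples[i], buf, sizeof buf) == 0;
        printf("%-24s %s\n", samples[i], ok ? buf : "REJECTED");
    }
    return 0;
}
```

The check is purely lexical, so it does not account for symbolic links that already exist inside the shared directory.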

Packages for 2009.0 are provided as part of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.

Updated packages

2009.0 x86_64

 d2822a3d35f810b358303524f5b8b59e  2009.0/x86_64/rdesktop-1.6.0-4.1mdv2009.0.x86_64.rpm 
 4510e318899bc8e082c1d2425a669fd7  2009.0/SRPMS/rdesktop-1.6.0-4.1mdv2009.0.src.rpm

MES5 i586

 c2f395818fad39c475aadc8884ce664e  mes5/i586/rdesktop-1.6.0-4.1mdvmes5.2.i586.rpm 
 85f0ac66db03e44f2bf03434786cda8e  mes5/SRPMS/rdesktop-1.6.0-4.1mdvmes5.2.src.rpm

2010.1 i586

 4993b0be42653f8a24ea1b9e2cbfe02c  2010.1/i586/rdesktop-1.6.0-11.1mdv2010.2.i586.rpm 
 25e8f153a3cd642e9993cdabae897b62  2010.1/SRPMS/rdesktop-1.6.0-11.1mdv2010.2.src.rpm

2009.0 i586

 918cfba3795494f163c9d6ee5729a500  2009.0/i586/rdesktop-1.6.0-4.1mdv2009.0.i586.rpm 
 4510e318899bc8e082c1d2425a669fd7  2009.0/SRPMS/rdesktop-1.6.0-4.1mdv2009.0.src.rpm

CS4.0 i586

 440e2625f77de1c862bf4babf1f6e8ba  corporate/4.0/i586/rdesktop-1.4.1-1.2.20060mlcs4.i586.rpm 
 3771560586bffcfe6fa7a833127c5068  corporate/4.0/SRPMS/rdesktop-1.4.1-1.2.20060mlcs4.src.rpm

CS4.0 x86_64

 301f64a655c16678069e43c7d999e6fa  corporate/4.0/x86_64/rdesktop-1.4.1-1.2.20060mlcs4.x86_64.rpm 
 3771560586bffcfe6fa7a833127c5068  corporate/4.0/SRPMS/rdesktop-1.4.1-1.2.20060mlcs4.src.rpm

MES5 x86_64

 bfdfb7a5e8818e6f7a250b849dc1f45e  mes5/x86_64/rdesktop-1.6.0-4.1mdvmes5.2.x86_64.rpm 
 85f0ac66db03e44f2bf03434786cda8e  mes5/SRPMS/rdesktop-1.6.0-4.1mdvmes5.2.src.rpm

2010.1 x86_64

 c591e1214b1c5f92b7188b388c7cea16  2010.1/x86_64/rdesktop-1.6.0-11.1mdv2010.2.x86_64.rpm 
 25e8f153a3cd642e9993cdabae897b62  2010.1/SRPMS/rdesktop-1.6.0-11.1mdv2010.2.src.rpm

References