[ubuntu/bionic-updates] freerdp2 2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Dec 12 11:28:13 UTC 2018 

freerdp2 (2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Heap based buffer overflow in zgfx_decompress_segment
    - debian/patches/CVE-2018-8784.patch: Add checks to ensure not to overflow output
      buffer in libfreerdp/codec/zgfx.c. Based on upstream patch.
    - CVE-2018-8784
  * SECURITY UPDATE: Heap based buffer overflow in zgfx_decompress
    - debian/patches/CVE-2018-8785.patch: Add checks to ensure not to overflow output
      buffer in libfreerdp/codec/zgfx.c. Based on upstream patch.
    - CVE-2018-8785
  * SECURITY UPDATE: Integer truncation in update_read_bitmap_update
    - debian/patches/CVE-2018-8786.patch: Promote count to 32-bit integer
      type to avoid integer truncation in libfreerdp/core/update.c. Based on
      upstream patch.
    - CVE-2018-8786
  * SECURITY UPDATE: Integer overflow in gdi_Bitmap_Decompress
    - debian/patches/CVE-2018-8787.patch: Check for and avoid possible
      integer overflow in libfreerdp/gdi/graphics.c. Based on upstream
      patch.
    - CVE-2018-8787
  * SECURITY UPDATE: Buffer overflow in nsc_rle_decode
    - debian/patches/CVE-2018-8788.patch: Check for lengths and avoid
      possible buffer overflow overflow in libfreerdp/codec/nsc.c and
      libfreerdp/codec/nsc_encode.c. Based on upstream patch.
    - CVE-2018-8788
  * SECURITY UPDATE: Out-of-bounds read in ntlm_read_message_fields_buffer
    - debian/patches/CVE-2018-8789.patch: Ensure to use 64-bit integer
      type when checking offset against stream length in
      winpr/libwinpr/sspi/NTLM/ntlm_message.c. Based on upstream patch.
    - CVE-2018-8789

Date: 2018-12-10 11:38:12.928607+00:00
Changed-By: Alex Murray <alex.murray at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/freerdp2/2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Bionic-changes mailing list