Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0287)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2014.0287

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2014-0287)

Resumen: The remote host is missing an update for the 'freerdp' package(s) announced via the MGASA-2014-0287 advisory.

Descripción: Summary:
The remote host is missing an update for the 'freerdp' package(s) announced via the MGASA-2014-0287 advisory.

Vulnerability Insight:
Updated freerdp packages fix security vulnerabilities:

Integer overflows in memory allocations in client/X11/xf_graphics.c in FreeRDP
through 1.0.2 allows remote RDP servers to have an unspecified impact through
unspecified vectors (CVE-2014-0250).

Integer overflow in the license_read_scope_list function in
libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers
to cause a denial of service (application crash) or possibly have unspecified
other impact via a large ScopeCount value in a Scope List in a Server License
Request packet (CVE-2014-0791).

Affected Software/OS:
'freerdp' package(s) on Mageia 3, Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-0250
67670
http://www.securityfocus.com/bid/67670
GLSA-201412-18
http://security.gentoo.org/glsa/glsa-201412-18.xml
MDVSA-2015:171
http://www.mandriva.com/security/advisories?name=MDVSA-2015:171
[oss-security] 20140528 freerdp: integer overflows in memory allocations in client/X11/xf_graphics.c
http://seclists.org/oss-sec/2014/q2/365
http://advisories.mageia.org/MGASA-2014-0287.html
https://bugzilla.redhat.com/show_bug.cgi?id=998934
https://github.com/FreeRDP/FreeRDP/issues/1871
https://github.com/FreeRDP/FreeRDP/pull/1874
openSUSE-SU-2014:0862
http://lists.opensuse.org/opensuse-updates/2014-07/msg00008.html
Common Vulnerability Exposure (CVE) ID: CVE-2014-0791
https://bugzilla.redhat.com/show_bug.cgi?id=998941
https://github.com/FreeRDP/FreeRDP/pull/1649
https://github.com/sidhpurwala-huzaifa/FreeRDP/commit/e2745807c4c3e0a590c0f69a9b655dc74ebaa03e
https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html
http://openwall.com/lists/oss-security/2014/01/02/5
http://openwall.com/lists/oss-security/2014/01/03/4
SuSE Security Announcement: openSUSE-SU-2014:0862 (Google Search)
SuSE Security Announcement: openSUSE-SU-2016:2400 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-09/msg00101.html
SuSE Security Announcement: openSUSE-SU-2016:2402 (Google Search)
http://lists.opensuse.org/opensuse-updates/2016-09/msg00102.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0287
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0287)
Resumen:	The remote host is missing an update for the 'freerdp' package(s) announced via the MGASA-2014-0287 advisory.
Descripción:	Summary: The remote host is missing an update for the 'freerdp' package(s) announced via the MGASA-2014-0287 advisory. Vulnerability Insight: Updated freerdp packages fix security vulnerabilities: Integer overflows in memory allocations in client/X11/xf_graphics.c in FreeRDP through 1.0.2 allows remote RDP servers to have an unspecified impact through unspecified vectors (CVE-2014-0250). Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet (CVE-2014-0791). Affected Software/OS: 'freerdp' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0250 67670 http://www.securityfocus.com/bid/67670 GLSA-201412-18 http://security.gentoo.org/glsa/glsa-201412-18.xml MDVSA-2015:171 http://www.mandriva.com/security/advisories?name=MDVSA-2015:171 [oss-security] 20140528 freerdp: integer overflows in memory allocations in client/X11/xf_graphics.c http://seclists.org/oss-sec/2014/q2/365 http://advisories.mageia.org/MGASA-2014-0287.html https://bugzilla.redhat.com/show_bug.cgi?id=998934 https://github.com/FreeRDP/FreeRDP/issues/1871 https://github.com/FreeRDP/FreeRDP/pull/1874 openSUSE-SU-2014:0862 http://lists.opensuse.org/opensuse-updates/2014-07/msg00008.html Common Vulnerability Exposure (CVE) ID: CVE-2014-0791 https://bugzilla.redhat.com/show_bug.cgi?id=998941 https://github.com/FreeRDP/FreeRDP/pull/1649 https://github.com/sidhpurwala-huzaifa/FreeRDP/commit/e2745807c4c3e0a590c0f69a9b655dc74ebaa03e https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html http://openwall.com/lists/oss-security/2014/01/02/5 http://openwall.com/lists/oss-security/2014/01/03/4 SuSE Security Announcement: openSUSE-SU-2014:0862 (Google Search) SuSE Security Announcement: openSUSE-SU-2016:2400 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-09/msg00101.html SuSE Security Announcement: openSUSE-SU-2016:2402 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-09/msg00102.html
Copyright	Copyright (C) 2022 Greenbone AG