bug-guix
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#27939: FreeRDP CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-28

From: Thomas Danckaert
Subject: bug#27939: FreeRDP CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839
Date: Fri, 04 Aug 2017 10:34:55 +0200 (CEST) 
From: Marius Bakke <address@hidden>
Subject: Re: bug#27939: FreeRDP CVE-2017-2834 CVE-2017-2835 CVE-2017-2836 CVE-2017-2837 CVE-2017-2838 CVE-2017-2839 
Date: Fri, 04 Aug 2017 01:22:01 +0200


Leo Famulari <address@hidden> writes:


The bugs corresponding to CVE-2017-2834 CVE-2017-2835 CVE-2017-2836
CVE-2017-2837 CVE-2017-2838 CVE-2017-2839 were recently fixed in the 
FreeRDP Git repo:

https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c
The most serious of these bugs allow the remote server (or any server in 
between) to execute arbitrary code on your machine.


Yikes! Thanks for the heads-up.

I went ahead and updated to the 2.0.0 rc which contain this fix in
c89091459f24dee4ba4959d65e38589efc1d8d9e.


Thanks!
Unfortunately, vinagre doesn't build against freerdp 2. I'll try to fix that, or otherwise try to backport the patches to freerdp 1.x. 

Thomas
reply via email to
[Prev in Thread] Current Thread [Next in Thread]