Bug 1155523 (CVE-2019-15682) - VUL-0: CVE-2019-15682: rdesktop: denial of service via multiple out-of-bound access read vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2019-15682
Product: openSUSE Distribution
Classification: openSUSE
Component: Basesystem
Version: Leap 15.1
Hardware: Other Other
: P5 - None : Minor
Target Milestone: ---
Assignee: Christian Wittmer
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/246141/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-10-31 07:21 UTC by Alexander Bergmann
Modified: 2019-10-31 07:24 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Alexander Bergmann 2019-10-31 07:21:52 UTC
CVE-2019-15682

RDesktop version 1.8.4 contains multiple out-of-bound access read
vulnerabilities in its code, which results in a denial of service (DoS)
condition. This attack appears to be exploitable via network connectivity. These
issues have been fixed in version 1.8.5.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-15682
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15682
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/10/30/klcert-19-032-denial-of-service-in-rdesktop-before-1-8-4/
Comment 1 Alexander Bergmann 2019-10-31 07:24:19 UTC
openSUSE Leap and Factory are already on version 1.8.6. Closing as fixed.