openSUSE Security Update : freerdp (openSUSE-2017-992)

High Nessus Plugin ID 102945


The remote openSUSE host is missing a security update.


This update for freerdp fixes the following issues:

- CVE-2017-2834: Out-of-bounds write in license_recv() (bsc#1050714)

- CVE-2017-2835: Out-of-bounds write in rdp_recv_tpkt_pdu (bsc#1050712)

- CVE-2017-2836: Rdp Client Read Server Proprietary Certificate Denial of Service (bsc#1050699)

- CVE-2017-2837: Client GCC Read Server Security Data DoS (bsc#1050704)

- CVE-2017-2838: Client License Read Product Info Denial of Service Vulnerability (bsc#1050708)

- CVE-2017-2839: Client License Read Challenge Packet Denial of Service (bsc#1050711)

This update was imported from the SUSE:SLE-12-SP2:Update update project.


Update the affected freerdp packages.

Plugin Details

Severity: High

ID: 102945

File Name: openSUSE-2017-992.nasl

Version: $Revision: 3.1 $

Type: local

Agent: unix

Published: 2017/09/05

Modified: 2017/09/05

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:freerdp, p-cpe:/a:novell:opensuse:freerdp-debuginfo, p-cpe:/a:novell:opensuse:freerdp-debugsource, p-cpe:/a:novell:opensuse:freerdp-devel, p-cpe:/a:novell:opensuse:libfreerdp2, p-cpe:/a:novell:opensuse:libfreerdp2-debuginfo, cpe:/o:novell:opensuse:42.2, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2017/09/02

Reference Information

CVE: CVE-2017-2834, CVE-2017-2835, CVE-2017-2836, CVE-2017-2837, CVE-2017-2838, CVE-2017-2839