ID: SSA-2019-135-01
Type: slackware
Reporter: Slackware Linux Project
Modified: 2019-05-16T04:56:33
Description
New rdesktop packages are available for Slackware 14.0, 14.1, 14.2,
and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
patches/packages/rdesktop-1.8.5-i586-1_slack14.2.txz: Upgraded.
This update fixes security issues:
Add bounds checking to protocol handling in order to fix many
security problems when communicating with a malicious server.
(* Security fix *)
Where to find the new packages:
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/rdesktop-1.8.5-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/rdesktop-1.8.5-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/rdesktop-1.8.5-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/rdesktop-1.8.5-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/rdesktop-1.8.5-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/rdesktop-1.8.5-x86_64-1_slack14.2.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/rdesktop-1.8.5-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/rdesktop-1.8.5-x86_64-1.txz
Upgrade the package as root:
> upgradepkg rdesktop-1.8.5-i586-1_slack14.2.txz
{"id": "SSA-2019-135-01", "type": "slackware", "bulletinFamily": "unix", "title": "[slackware-security] rdesktop", "description": "New rdesktop packages are available for Slackware 14.0, 14.1, 14.2,\nand -current to fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/rdesktop-1.8.5-i586-1_slack14.2.txz: Upgraded.\n This update fixes security issues:\n Add bounds checking to protocol handling in order to fix many\n security problems when communicating with a malicious server.\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/rdesktop-1.8.5-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/rdesktop-1.8.5-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/rdesktop-1.8.5-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/rdesktop-1.8.5-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/rdesktop-1.8.5-i586-1_slack14.2.txz\n\nUpdated package for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/rdesktop-1.8.5-x86_64-1_slack14.2.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/rdesktop-1.8.5-i586-1.txz\n\nUpdated package for Slackware x86_64 
-current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/xap/rdesktop-1.8.5-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.0 package:\nba367efcf0f70167a8791d2211f8ca43 rdesktop-1.8.5-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n1495fd99d763c36ac434badb5e8586bf rdesktop-1.8.5-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\nc38052237f138380e385e4562006472f rdesktop-1.8.5-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\nb996ac69fd4379f1a08483e728adb276 rdesktop-1.8.5-x86_64-1_slack14.1.txz\n\nSlackware 14.2 package:\nba6af1c6c0c2adc89cfb94d39db1f976 rdesktop-1.8.5-i586-1_slack14.2.txz\n\nSlackware x86_64 14.2 package:\n0715f48dc29c6ed4bf36900bd82425a3 rdesktop-1.8.5-x86_64-1_slack14.2.txz\n\nSlackware -current package:\n3185621a3ff1e79f204878060811094b xap/rdesktop-1.8.5-i586-1.txz\n\nSlackware x86_64 -current package:\nb0e156f52fff64bc890e898e6de1c5e0 xap/rdesktop-1.8.5-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg rdesktop-1.8.5-i586-1_slack14.2.txz", "published": "2019-05-16T04:56:33", "modified": "2019-05-16T04:56:33", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.423617", "reporter": "Slackware Linux Project", "references": [], "cvelist": [], "lastseen": "2020-10-25T16:36:12", "viewCount": 40, "enchantments": {"score": {"value": 3.3, "vector": "NONE", "modified": "2020-10-25T16:36:12", "rev": 2}, "dependencies": {"references": [{"type": "nessus", "idList": ["SLACKWARE_SSA_2005-135-01.NASL", "SLACKWARE_SSA_2019-135-01.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231053953"]}], "modified": "2020-10-25T16:36:12", "rev": 2}, "vulnersScore": 3.3}, "affectedPackage": [{"OS": "Slackware", "OSVersion": "14.0", "arch": "i486", "packageName": "rdesktop", "packageVersion": "1.8.5", "packageFilename": "rdesktop-1.8.5-i486-1_slack14.0.txz", "operator": "lt"}, {"OS": 
"Slackware", "OSVersion": "14.0", "arch": "x86_64", "packageName": "rdesktop", "packageVersion": "1.8.5", "packageFilename": "rdesktop-1.8.5-x86_64-1_slack14.0.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "arch": "i486", "packageName": "rdesktop", "packageVersion": "1.8.5", "packageFilename": "rdesktop-1.8.5-i486-1_slack14.1.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.1", "arch": "x86_64", "packageName": "rdesktop", "packageVersion": "1.8.5", "packageFilename": "rdesktop-1.8.5-x86_64-1_slack14.1.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.2", "arch": "i586", "packageName": "rdesktop", "packageVersion": "1.8.5", "packageFilename": "rdesktop-1.8.5-i586-1_slack14.2.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "14.2", "arch": "x86_64", "packageName": "rdesktop", "packageVersion": "1.8.5", "packageFilename": "rdesktop-1.8.5-x86_64-1_slack14.2.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "current", "arch": "i586", "packageName": "rdesktop", "packageVersion": "1.8.5", "packageFilename": "rdesktop-1.8.5-i586-1.txz", "operator": "lt"}, {"OS": "Slackware", "OSVersion": "current", "arch": "x86_64", "packageName": "rdesktop", "packageVersion": "1.8.5", "packageFilename": "rdesktop-1.8.5-x86_64-1.txz", "operator": "lt"}]}
{"nessus": [{"lastseen": "2021-02-01T01:12:15", "description": "New rdesktop packages are available for Slackware 14.0, 14.1, 14.2,\nand -current to fix security issues.", "edition": 17, "published": "2019-05-16T00:00:00", "title": "Slackware 14.0 / 14.1 / 14.2 / current : rdesktop (SSA:2019-135-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": [], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.2", "cpe:/o:slackware:slackware_linux:14.1", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux", "p-cpe:/a:slackware:slackware_linux:rdesktop"], "id": "SLACKWARE_SSA_2019-135-01.NASL", "href": "https://www.tenable.com/plugins/nessus/125209", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2019-135-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125209);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/05/16 10:38:53\");\n\n script_xref(name:\"SSA\", value:\"2019-135-01\");\n\n script_name(english:\"Slackware 14.0 / 14.1 / 14.2 / current : rdesktop (SSA:2019-135-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New rdesktop packages are available for Slackware 14.0, 14.1, 14.2,\nand -current to fix security issues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.423617\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f1414213\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rdesktop package.\"\n );\n 
script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:rdesktop\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/05/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.0\", pkgname:\"rdesktop\", pkgver:\"1.8.5\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"rdesktop\", pkgver:\"1.8.5\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"rdesktop\", pkgver:\"1.8.5\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"rdesktop\", pkgver:\"1.8.5\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"14.2\", pkgname:\"rdesktop\", pkgver:\"1.8.5\", pkgarch:\"i586\", pkgnum:\"1_slack14.2\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"rdesktop\", pkgver:\"1.8.5\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.2\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"rdesktop\", pkgver:\"1.8.5\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"rdesktop\", pkgver:\"1.8.5\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2019-03-18T14:40:39", "bulletinFamily": "scanner", "cvelist": [], "description": "The remote host is missing an update as announced\nvia advisory SSA:2005-135-01.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231053953", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231053953", "type": "openvas", "title": "Slackware Advisory SSA:2005-135-01 Mozilla/Firefox", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2005_135_01.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.53953\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2005-135-01 Mozilla/Firefox\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(10\\.0|10\\.1)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2005-135-01\");\n script_xref(name:\"URL\", value:\"http://www.mozilla.org/projects/security/known-vulnerabilities.html#Mozilla\");\n\n script_tag(name:\"insight\", value:\"New Mozilla packages are available for Slackware 10.0, 10.1, and -current\nto fix various security issues and bugs. 
See the referenced Mozilla site for a complete\nlist of the issues patched.\n\nAlso updated is Firefox in Slackware -current.\n\nNew versions of the mozilla-plugins symlink creation package are also out for\nSlackware 10.0 and 10.1, and a new version of the jre-symlink package for\nSlackware -current.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2005-135-01.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"mozilla\", ver:\"1.7.8-i486-1\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mozilla-plugins\", ver:\"1.7.8-noarch-1\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mozilla\", ver:\"1.7.8-i486-1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"mozilla-plugins\", ver:\"1.7.8-noarch-1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 0.0, "vector": "NONE"}}]}