Security Advisory Moderate: rdesktop security update

Advisory: RHSA-2011:0506-1
Type: Security Advisory
Severity: Moderate
Issued on: 2011-05-11
Last updated on: 2011-05-11
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux EUS (v. 5.6.z server)
Red Hat Enterprise Linux Long Life (v. 5.6 server)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.0.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-1595

Details

An updated rdesktop package that fixes one security issue is now available
for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having moderate
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

rdesktop is a client for the Remote Desktop Server (previously, Terminal
Server) in Microsoft Windows. It uses the Remote Desktop Protocol (RDP) to
remotely present a user's desktop.

A directory traversal flaw was found in the way rdesktop shared a local
path with a remote server. If a user connects to a malicious server with
rdesktop, the server could use this flaw to cause rdesktop to read and
write to arbitrary, local files accessible to the user running rdesktop.
(CVE-2011-1595)
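
The following added example (not rdesktop's code and not the Red Hat patch) illustrates the flaw class described above: a client that joins a server-supplied file name onto the shared directory, beside a form that rejects names climbing above the share root. The function names `naive_join` and `safe_join`, the buffer sizes and the sample paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Naive form (hypothetical): concatenates the server-supplied name onto the
 * share root, so ".." components in the name are passed to the filesystem. */
int naive_join(const char *root, const char *name, char *out, size_t n)
{
    int w = snprintf(out, n, "%s/%s", root, name);
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

/* Hardened form (hypothetical): treats '\\' and '/' as separators, tracks
 * directory depth relative to the share root and rejects any name that would
 * climb above it. Returns 0 and writes the joined path, or -1 on rejection.
 * This check is lexical only: symlinks inside the share still need a
 * realpath() comparison against the share root before the file is opened. */
int safe_join(const char *root, const char *name, char *out, size_t n)
{
    char buf[1024];
    size_t len = strlen(name);
    int depth = 0;

    if (len == 0 || len >= sizeof(buf))
        return -1;
    memcpy(buf, name, len + 1);
    for (char *c = buf; *c; c++)      /* RDP-style names use backslashes */
        if (*c == '\\')
            *c = '/';

    const char *p = buf;
    while (*p) {
        size_t clen = strcspn(p, "/");
        if (clen == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0)
                return -1;            /* would leave the share root */
        } else if (clen > 0 && !(clen == 1 && p[0] == '.')) {
            depth++;                  /* ordinary component descends one level */
        }
        p += clen;
        while (*p == '/')
            p++;
    }
    /* Leading separators are dropped so the name stays relative to root. */
    int w = snprintf(out, n, "%s/%s", root, buf + strspn(buf, "/"));
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}
```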

Red Hat would like to thank Cendio AB for reporting this issue. Cendio AB
acknowledges an anonymous contributor working with the SecuriTeam Secure
Disclosure program as the original reporter.

Users of rdesktop should upgrade to this updated package, which contains a
backported patch to resolve this issue.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
rdesktop-1.6.0-3.el5_6.2.src.rpm
File outdated by: RHBA-2013:1367

IA-32:
rdesktop-1.6.0-3.el5_6.2.i386.rpm
File outdated by: RHBA-2013:1367

IA-64:
rdesktop-1.6.0-3.el5_6.2.ia64.rpm
File outdated by: RHBA-2013:1367

PPC:
rdesktop-1.6.0-3.el5_6.2.ppc.rpm
File outdated by: RHBA-2013:1367

s390x:
rdesktop-1.6.0-3.el5_6.2.s390x.rpm
File outdated by: RHBA-2013:1367

x86_64:
rdesktop-1.6.0-3.el5_6.2.x86_64.rpm
File outdated by: RHBA-2013:1367
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
rdesktop-1.6.0-3.el5_6.2.src.rpm
File outdated by: RHBA-2013:1367

IA-32:
rdesktop-1.6.0-3.el5_6.2.i386.rpm
File outdated by: RHBA-2013:1367

x86_64:
rdesktop-1.6.0-3.el5_6.2.x86_64.rpm
File outdated by: RHBA-2013:1367
 
Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
rdesktop-1.6.0-8.el6_0.1.src.rpm
File outdated by: RHBA-2013:1556

IA-32:
rdesktop-1.6.0-8.el6_0.1.i686.rpm
File outdated by: RHBA-2013:1556
rdesktop-debuginfo-1.6.0-8.el6_0.1.i686.rpm
File outdated by: RHBA-2013:1556

x86_64:
rdesktop-1.6.0-8.el6_0.1.x86_64.rpm
File outdated by: RHBA-2013:1556
rdesktop-debuginfo-1.6.0-8.el6_0.1.x86_64.rpm
File outdated by: RHBA-2013:1556
 
Red Hat Enterprise Linux EUS (v. 5.6.z server)

SRPMS:
rdesktop-1.6.0-3.el5_6.2.src.rpm
File outdated by: RHBA-2013:1367

IA-32:
rdesktop-1.6.0-3.el5_6.2.i386.rpm

IA-64:
rdesktop-1.6.0-3.el5_6.2.ia64.rpm

PPC:
rdesktop-1.6.0-3.el5_6.2.ppc.rpm

s390x:
rdesktop-1.6.0-3.el5_6.2.s390x.rpm

x86_64:
rdesktop-1.6.0-3.el5_6.2.x86_64.rpm
 
Red Hat Enterprise Linux Long Life (v. 5.6 server)

SRPMS:
rdesktop-1.6.0-3.el5_6.2.src.rpm
File outdated by: RHBA-2013:1367

IA-32:
rdesktop-1.6.0-3.el5_6.2.i386.rpm

IA-64:
rdesktop-1.6.0-3.el5_6.2.ia64.rpm

x86_64:
rdesktop-1.6.0-3.el5_6.2.x86_64.rpm
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
rdesktop-1.6.0-8.el6_0.1.src.rpm
File outdated by: RHBA-2013:1556

IA-32:
rdesktop-1.6.0-8.el6_0.1.i686.rpm
File outdated by: RHBA-2013:1556
rdesktop-debuginfo-1.6.0-8.el6_0.1.i686.rpm
File outdated by: RHBA-2013:1556

PPC:
rdesktop-1.6.0-8.el6_0.1.ppc64.rpm
File outdated by: RHBA-2013:1556
rdesktop-debuginfo-1.6.0-8.el6_0.1.ppc64.rpm
File outdated by: RHBA-2013:1556

s390x:
rdesktop-1.6.0-8.el6_0.1.s390x.rpm
File outdated by: RHBA-2013:1556
rdesktop-debuginfo-1.6.0-8.el6_0.1.s390x.rpm
File outdated by: RHBA-2013:1556

x86_64:
rdesktop-1.6.0-8.el6_0.1.x86_64.rpm
File outdated by: RHBA-2013:1556
rdesktop-debuginfo-1.6.0-8.el6_0.1.x86_64.rpm
File outdated by: RHBA-2013:1556
 
Red Hat Enterprise Linux Server EUS (v. 6.0.z)

SRPMS:
rdesktop-1.6.0-8.el6_0.1.src.rpm
File outdated by: RHBA-2013:1556

IA-32:
rdesktop-1.6.0-8.el6_0.1.i686.rpm
rdesktop-debuginfo-1.6.0-8.el6_0.1.i686.rpm

PPC:
rdesktop-1.6.0-8.el6_0.1.ppc64.rpm
rdesktop-debuginfo-1.6.0-8.el6_0.1.ppc64.rpm

s390x:
rdesktop-1.6.0-8.el6_0.1.s390x.rpm
rdesktop-debuginfo-1.6.0-8.el6_0.1.s390x.rpm

x86_64:
rdesktop-1.6.0-8.el6_0.1.x86_64.rpm
rdesktop-debuginfo-1.6.0-8.el6_0.1.x86_64.rpm
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
rdesktop-1.6.0-8.el6_0.1.src.rpm
File outdated by: RHBA-2013:1556

IA-32:
rdesktop-1.6.0-8.el6_0.1.i686.rpm
File outdated by: RHBA-2013:1556
rdesktop-debuginfo-1.6.0-8.el6_0.1.i686.rpm
File outdated by: RHBA-2013:1556

x86_64:
rdesktop-1.6.0-8.el6_0.1.x86_64.rpm
File outdated by: RHBA-2013:1556
rdesktop-debuginfo-1.6.0-8.el6_0.1.x86_64.rpm
File outdated by: RHBA-2013:1556
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

676252 - CVE-2011-1595 rdesktop remote file access


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/