| Description: | An updated rdesktop package that fixes a security issue is now available forRed Hat Enterprise Linux 5.This update has been rated as having moderate security impact by the RedHat Security Response Team.rdesktop is an open source client for Microsoft Windows NT Terminal Serverand Microsoft Windows 2000 and 2003 Terminal Services, capable of nativelyusing the Remote Desktop Protocol (RDP) to present the user's NT desktop.No additional server extensions are required.An integer underflow and integer signedness issue were discovered in therdesktop. If an attacker could convince a victim to connect to a maliciousRDP server, the attacker could cause the victim's rdesktop to crash or,possibly, execute an arbitrary code. (CVE-2008-1801, CVE-2008-1803)Users of rdesktop should upgrade to these updated packages, which contain abackported patches to resolve these issues. |