ArchLinux: 202006-15: freerdp: multiple issues

    Date 30 Jun 2020
    126
    Posted By LinuxSecurity Advisories
    The package freerdp before version 2:2.1.2-1 is vulnerable to multiple issues including arbitrary code execution and information disclosure.
    Arch Linux Security Advisory ASA-202006-15
    ==========================================
    
    Severity: High
    Date    : 2020-06-28
    CVE-ID  : CVE-2020-4030  CVE-2020-4031  CVE-2020-4032  CVE-2020-4033
              CVE-2020-11095 CVE-2020-11096 CVE-2020-11097 CVE-2020-11098
              CVE-2020-11099
    Package : freerdp
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1193
    
    Summary
    =======
    
    The package freerdp before version 2:2.1.2-1 is vulnerable to multiple
    issues including arbitrary code execution and information disclosure.
    
    Resolution
    ==========
    
    Upgrade to 2:2.1.2-1.
    
    # pacman -Syu "freerdp>=2:2.1.2-1"
    
    The problems have been fixed upstream in version 2.1.2.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2020-4030 (information disclosure)
    
    An out-of-bounds read has been found in FreeRDP before 2.1.2, where
    logging might bypass string length checks due to an integer overflow.
    
    - CVE-2020-4031 (arbitrary code execution)
    
    A use-after-free vulnerability has been found in FreeRDP before 2.1.2,
    in gdi_SelectObject(). Clients using compatibility mode enabled with
    /relax-order-checks are affected.
    
    - CVE-2020-4032 (information disclosure)
    
    An integer casting vulnerability leading to an out-of-bounds read has
    been found in FreeRDP before 2.1.2, in update_recv_secondary_order(),
    on clients with +glyph-cache or /relax-order-checks options enabled.
    
    - CVE-2020-4033 (information disclosure)
    
    An out-of-bounds read of up to 4 bytes has been found in FreeRDP before
    2.1.2, affecting all FreeRDP based clients with sessions with color
    depth < 32.
    
    - CVE-2020-11095 (information disclosure)
    
    A global out-of-bounds read has been found in FreeRDP before 2.1.2, in
    update_recv_primary_order.
    
    - CVE-2020-11096 (information disclosure)
    
    An out-of-bounds read has been found in FreeRDP before 2.1.2, in
    update_read_cache_bitmap_v3_order().
    
    - CVE-2020-11097 (information disclosure)
    
    An out-of-bounds read has been found in FreeRDP before 2.1.2, in
    ntlm_av_pair_get().
    
    - CVE-2020-11098 (information disclosure)
    
    An out-of-bounds read has been found in FreeRDP before 2.1.2, in
    glyph_cache_put. This issue only exists when glyph-cache is enabled,
    which is not the case by default.
    
    - CVE-2020-11099 (information disclosure)
    
    An out-of-bounds read has been found in FreeRDP before 2.1.2, in
    license_read_new_or_upgrade_license_packet().
    
    Impact
    ======
    
    A remote attacker might be able to access sensitive information or
    crash the application via a crafted RDP session. A malicious server, or
    an attacker in position of man-in-the-middle might be able to execute
    arbitrary code on the affected host.
    
    References
    ==========
    
    https://www.freerdp.com/2020/06/22/2_1_2-released
    https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98
    https://github.com/FreeRDP/FreeRDP/commit/05cd9ea2290d23931f615c1b004d4b2e69074e27
    https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g
    https://github.com/FreeRDP/FreeRDP/commit/6d86e20e1e7caaab4f0c7f89e36d32914dbccc52
    https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc
    https://github.com/FreeRDP/FreeRDP/commit/e7bffa64ef5ed70bac94f823e2b95262642f5296
    https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8
    https://github.com/FreeRDP/FreeRDP/commit/0a98c450c58ec150e44781c89aa6f8e7e0f571f5
    https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2
    https://github.com/FreeRDP/FreeRDP/commit/733ee3208306b1ea32697b356c0215180fc3f049
    https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x
    https://github.com/FreeRDP/FreeRDP/commit/b8beb55913471952f92770c90c372139d78c16c0
    https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f
    https://github.com/FreeRDP/FreeRDP/commit/58a3122250d54de3a944c487776bcd4d1da4721e
    https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv
    https://github.com/FreeRDP/FreeRDP/commit/c0fd449ec0870b050d350d6d844b1ea6dad4bc7d
    https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h
    https://github.com/FreeRDP/FreeRDP/commit/6ade7b4cbfd71c54b3d724e8f2d6ac76a58e879a
    https://security.archlinux.org/CVE-2020-4030
    https://security.archlinux.org/CVE-2020-4031
    https://security.archlinux.org/CVE-2020-4032
    https://security.archlinux.org/CVE-2020-4033
    https://security.archlinux.org/CVE-2020-11095
    https://security.archlinux.org/CVE-2020-11096
    https://security.archlinux.org/CVE-2020-11097
    https://security.archlinux.org/CVE-2020-11098
    https://security.archlinux.org/CVE-2020-11099
    

    LinuxSecurity Poll

    Are you considering making the switch to Purism's new Librem 14 Linux laptop to improve your security and privacy online?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/31-are-you-considering-making-the-switch-to-purism-s-new-librem-14-linux-laptop-to-improve-your-security-and-privacy-online?task=poll.vote&format=json
    31
    radio
    [{"id":"109","title":"Yes - the hardware kill switches and default ad blocking\/tracking protection sold me on it.","votes":"3","type":"x","order":"1","pct":37.5,"resources":[]},{"id":"110","title":"Not sure yet - I need to do more research.","votes":"4","type":"x","order":"2","pct":50,"resources":[]},{"id":"111","title":"No - I'm satisfied with my current laptop and have no security\/privacy concerns.","votes":"1","type":"x","order":"3","pct":12.5,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.