MGASA-2020-0297 - Updated freerdp/remmina packages fix security vulnerability

Publication date: 31 Jul 2020
URL: https://advisories.mageia.org/MGASA-2020-0297.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-4030,
     CVE-2020-4031,
     CVE-2020-4032,
     CVE-2020-4033,
     CVE-2020-11017,
     CVE-2020-11018,
     CVE-2020-11019,
     CVE-2020-11038,
     CVE-2020-11039,
     CVE-2020-11040,
     CVE-2020-11041,
     CVE-2020-11042,
     CVE-2020-11043,
     CVE-2020-11044,
     CVE-2020-11045,
     CVE-2020-11046,
     CVE-2020-11047,
     CVE-2020-11048,
     CVE-2020-11049,
     CVE-2020-11058,
     CVE-2020-11085,
     CVE-2020-11086,
     CVE-2020-11087,
     CVE-2020-11088,
     CVE-2020-11089,
     CVE-2020-11095,
     CVE-2020-11096,
     CVE-2020-11097,
     CVE-2020-11098,
     CVE-2020-11099,
     CVE-2020-11521,
     CVE-2020-11522,
     CVE-2020-11523,
     CVE-2020-11524,
     CVE-2020-11525,
     CVE-2020-11526,
     CVE-2020-13396,
     CVE-2020-13397,
     CVE-2020-13398

It was discovered that FreeRDP incorrectly handled certain memory
operations. A remote attacker could use this issue to cause FreeRDP to
crash, resulting in a denial of service, or possibly execute arbitrary
code.

The freerdp package has been updated to version 2.1.2 to fix these issues.

Also, the remmina package has been updated to version 1.4.7 for
compatibility with the updated freerdp.

References:
- https://bugs.mageia.org/show_bug.cgi?id=26699
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfw
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x4wq-m7c9-rjgr
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9
- https://gitlab.com/Remmina/Remmina/-/releases#v1.4.7
- https://ubuntu.com/security/notices/USN-4379-1
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/IGSY4CEBOH6TVJLIW53YL7YDGHY3RMPU/
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/6RTM4HR3PBFF5X7XHCOS5MIHPKSDEYCX/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4030
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4031
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4032
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4033
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11017
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11018
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11019
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11038
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11039
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11040
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11041
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11042
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11043
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11044
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11045
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11046
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11047
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11048
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11049
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11058
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11085
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11086
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11087
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11088
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11089
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11095
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11096
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11097
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11098
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11099
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11521
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11522
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11523
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11524
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11525
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11526
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13396
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13397
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13398

SRPMS:
- 7/core/freerdp-2.1.2-1.mga7
- 7/core/remmina-1.4.7-1.mga7