Mageia 7: MGASA-2020-0297 High Severity: FreeRDP Denial of Service Threat

mageia

July 31, 2020

It was discovered that FreeRDP incorrectly handled certain memory operations

Summary

It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly exeucte arbitrary code.
The freerdp package has been updated to version 2.1.2 to fix these issues.
Also, the remmina package has been updated to version 1.4.7 for compatibility with the updated freerdp.

References

- https://bugs.mageia.org/show_bug.cgi?id=26699

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfw

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x4wq-m7c9-rjgr

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9

- https://gitlab.com/Remmina/Remmina/-/releases#v1.4.7

- https://ubuntu.com/security/notices/USN-4379-1

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IGSY4CEBOH6TVJLIW53YL7YDGHY3RMPU/

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6RTM4HR3PBFF5X7XHCOS5MIHPKSDEYCX/

- https://www.cve.org/CVERecord?id=CVE-2020-4030

- https://www.cve.org/CVERecord?id=CVE-2020-4031

- https://www.cve.org/CVERecord?id=CVE-2020-4032

- https://www.cve.org/CVERecord?id=CVE-2020-4033

- https://www.cve.org/CVERecord?id=CVE-2020-11017

- https://www.cve.org/CVERecord?id=CVE-2020-11018

- https://www.cve.org/CVERecord?id=CVE-2020-11019

- https://www.cve.org/CVERecord?id=CVE-2020-11038

- https://www.cve.org/CVERecord?id=CVE-2020-11039

- https://www.cve.org/CVERecord?id=CVE-2020-11040

- https://www.cve.org/CVERecord?id=CVE-2020-11041

- https://www.cve.org/CVERecord?id=CVE-2020-11042

- https://www.cve.org/CVERecord?id=CVE-2020-11043

- https://www.cve.org/CVERecord?id=CVE-2020-11044

- https://www.cve.org/CVERecord?id=CVE-2020-11045

- https://www.cve.org/CVERecord?id=CVE-2020-11046

- https://www.cve.org/CVERecord?id=CVE-2020-11047

- https://www.cve.org/CVERecord?id=CVE-2020-11048

- https://www.cve.org/CVERecord?id=CVE-2020-11049

- https://www.cve.org/CVERecord?id=CVE-2020-11058

- https://www.cve.org/CVERecord?id=CVE-2020-11085

- https://www.cve.org/CVERecord?id=CVE-2020-11086

- https://www.cve.org/CVERecord?id=CVE-2020-11087

- https://www.cve.org/CVERecord?id=CVE-2020-11088

- https://www.cve.org/CVERecord?id=CVE-2020-11089

- https://www.cve.org/CVERecord?id=CVE-2020-11095

- https://www.cve.org/CVERecord?id=CVE-2020-11096

- https://www.cve.org/CVERecord?id=CVE-2020-11097

- https://www.cve.org/CVERecord?id=CVE-2020-11098

- https://www.cve.org/CVERecord?id=CVE-2020-11099

- https://www.cve.org/CVERecord?id=CVE-2020-11521

- https://www.cve.org/CVERecord?id=CVE-2020-11522

- https://www.cve.org/CVERecord?id=CVE-2020-11523

- https://www.cve.org/CVERecord?id=CVE-2020-11524

- https://www.cve.org/CVERecord?id=CVE-2020-11525

- https://www.cve.org/CVERecord?id=CVE-2020-11526

- https://www.cve.org/CVERecord?id=CVE-2020-13396

- https://www.cve.org/CVERecord?id=CVE-2020-13397

- https://www.cve.org/CVERecord?id=CVE-2020-13398

Topics Covered

security advisory remote code execution DoS memory operations Mageia FreeRDP Remmina

Resolution

SRPMS

- 7/core/freerdp-2.1.2-1.mga7

- 7/core/remmina-1.4.7-1.mga7

Publication date: 31 Jul 2020

URL: https://advisories.mageia.org/MGASA-2020-0297.html

Type: security

CVE: CVE-2020-4030, CVE-2020-4031, CVE-2020-4032, CVE-2020-4033, CVE-2020-11017, CVE-2020-11018, CVE-2020-11019, CVE-2020-11038, CVE-2020-11039, CVE-2020-11040, CVE-2020-11041, CVE-2020-11042, CVE-2020-11043, CVE-2020-11044, CVE-2020-11045, CVE-2020-11046, CVE-2020-11047, CVE-2020-11048, CVE-2020-11049, CVE-2020-11058, CVE-2020-11085, CVE-2020-11086, CVE-2020-11087, CVE-2020-11088, CVE-2020-11089, CVE-2020-11095, CVE-2020-11096, CVE-2020-11097, CVE-2020-11098, CVE-2020-11099, CVE-2020-11521, CVE-2020-11522, CVE-2020-11523, CVE-2020-11524, CVE-2020-11525, CVE-2020-11526, CVE-2020-13396, CVE-2020-13397, CVE-2020-13398

Topics Covered

security advisory remote code execution DoS memory operations Mageia FreeRDP Remmina

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Mageia 7: MGASA-2020-0297 High Severity: FreeRDP Denial of Service Threat

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Mageia 7: MGASA-2020-0297 High Severity: FreeRDP Denial of Service Threat

Summary

References

Topics Covered

Resolution

SRPMS

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!