openSUSE: 2019:0325-1: important: freerdp

    Date: 13 Mar 2019
    Category: openSUSE
    Posted By: LinuxSecurity Advisories
    An update that solves 8 vulnerabilities and has four fixes is now available.
       openSUSE Security Update: Security update for freerdp
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2019:0325-1
    Rating:             important
    References:         #1085416 #1087240 #1103557 #1104918 #1112028 
                        #1116708 #1117963 #1117964 #1117965 #1117966 
                        #1117967 #1120507 
    Cross-References:   CVE-2018-0886 CVE-2018-1000852 CVE-2018-8784
                        CVE-2018-8785 CVE-2018-8786 CVE-2018-8787
                        CVE-2018-8788 CVE-2018-8789
    Affected Products:
                        openSUSE Leap 15.0
    ______________________________________________________________________________
    
       An update that solves 8 vulnerabilities and has four fixes
       is now available.
    
    Description:
    
       This update for freerdp to version 2.0.0~rc4 fixes the following issues:
    
       Security issues fixed:
    
       - CVE-2018-0886: Fix a remote code execution vulnerability (CredSSP)
         (bsc#1085416, bsc#1087240, bsc#1104918)
       - CVE-2018-8789: Fix several denial of service vulnerabilities in the
         NTLM Authentication module (bsc#1117965)
       - CVE-2018-8785: Fix a potential remote code execution vulnerability in
         the zgfx_decompress function (bsc#1117967)
       - CVE-2018-8786: Fix a potential remote code execution vulnerability in
         the update_read_bitmap_update function (bsc#1117966)
       - CVE-2018-8787: Fix a potential remote code execution vulnerability in
         the gdi_Bitmap_Decompress function (bsc#1117964)
       - CVE-2018-8788: Fix a potential remote code execution vulnerability in
         the nsc_rle_decode function (bsc#1117963)
       - CVE-2018-8784: Fix a potential remote code execution vulnerability in
         the zgfx_decompress_segment function (bsc#1116708)
       - CVE-2018-1000852: Fixed a remote memory access in the
         drdynvc_process_capability_request function (bsc#1120507)
    
       Other issues:
    
       - Upgraded to version 2.0.0-rc4 (FATE#326739)
       - Security and stability improvements, including bsc#1103557 and
         bsc#1112028
       - gateway: multiple fixes and improvements
       - client/X11: support for rail (remote app) icons was added
       - The licensing code was re-worked: Per-device licenses are now saved on
         the client and used on re-connect. WARNING: this is a change in FreeRDP
         behavior regarding licensing. If the old behavior is required, or no
         licenses should be saved, use the new command line option +old-license
         (gh#/FreeRDP/FreeRDP#4979)
       - Improved order handling: only orders that were enabled during
         capability exchange are accepted. WARNING and NOTE: some servers
         improperly send orders that weren't negotiated; for such cases the new
         command line option /relax-order-checks was added to disable the strict
         order checking. If connecting to xrdp the options /relax-order-checks
         *and* +glyph-cache are required. (gh#/FreeRDP/FreeRDP#4926)
       - Fixed automount issues
       - Fixed several audio and microphone related issues
       - Fixed X11 Right-Ctrl ungrab feature
       - Fixed race condition in rdpsnd channel server.
       - Disabled SSE2 for ARM and powerpc
    
       This update was imported from the SUSE:SLE-15:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Leap 15.0:
    
          zypper in -t patch openSUSE-2019-325=1
    
    
    
    Package List:
    
       - openSUSE Leap 15.0 (x86_64):
    
          freerdp-2.0.0~rc4-lp150.2.3.1
          freerdp-debuginfo-2.0.0~rc4-lp150.2.3.1
          freerdp-debugsource-2.0.0~rc4-lp150.2.3.1
          freerdp-devel-2.0.0~rc4-lp150.2.3.1
          freerdp-server-2.0.0~rc4-lp150.2.3.1
          freerdp-server-debuginfo-2.0.0~rc4-lp150.2.3.1
          freerdp-wayland-2.0.0~rc4-lp150.2.3.1
          freerdp-wayland-debuginfo-2.0.0~rc4-lp150.2.3.1
          libfreerdp2-2.0.0~rc4-lp150.2.3.1
          libfreerdp2-debuginfo-2.0.0~rc4-lp150.2.3.1
          libuwac0-0-2.0.0~rc4-lp150.2.3.1
          libuwac0-0-debuginfo-2.0.0~rc4-lp150.2.3.1
          libwinpr2-2.0.0~rc4-lp150.2.3.1
          libwinpr2-debuginfo-2.0.0~rc4-lp150.2.3.1
          uwac0-0-devel-2.0.0~rc4-lp150.2.3.1
          winpr2-devel-2.0.0~rc4-lp150.2.3.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2018-0886.html
       https://www.suse.com/security/cve/CVE-2018-1000852.html
       https://www.suse.com/security/cve/CVE-2018-8784.html
       https://www.suse.com/security/cve/CVE-2018-8785.html
       https://www.suse.com/security/cve/CVE-2018-8786.html
       https://www.suse.com/security/cve/CVE-2018-8787.html
       https://www.suse.com/security/cve/CVE-2018-8788.html
       https://www.suse.com/security/cve/CVE-2018-8789.html
       https://bugzilla.suse.com/1085416
       https://bugzilla.suse.com/1087240
       https://bugzilla.suse.com/1103557
       https://bugzilla.suse.com/1104918
       https://bugzilla.suse.com/1112028
       https://bugzilla.suse.com/1116708
       https://bugzilla.suse.com/1117963
       https://bugzilla.suse.com/1117964
       https://bugzilla.suse.com/1117965
       https://bugzilla.suse.com/1117966
       https://bugzilla.suse.com/1117967
       https://bugzilla.suse.com/1120507
    