Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

openSUSE: 2020:1090-1 Important: FreeRDP Denial Of Service Issues

opensuse
Calendar Grey July 26, 2020
Dist Opensuse Esm H88
openSUSE Security Update: Security update for freerdp ______________________________________________
An update that fixes 31 vulnerabilities is now available.

Description

This update for freerdp fixes the following issues:

frerdp was updated to version 2.1.2 (bsc#1171441,bsc#1173247 and

jsc#ECO-2006):

- CVE-2020-11017: Fixed a double free which could have denied the server's

service.

- CVE-2020-11018: Fixed an out of bounds read which a malicious clients

could have triggered.

- CVE-2020-11019: Fixed an issue which could have led to denial of service

if logger was set to "WLOG_TRACE".

- CVE-2020-11038: Fixed a buffer overflow when /video redirection was used.

- CVE-2020-11039: Fixed an issue which could have allowed arbitrary memory

read and write when USB redirection was enabled.

- CVE-2020-11040: Fixed an out of bounds data read in

clear_decompress_subcode_rlex.

- CVE-2020-11041: Fixed an issue with the configuration for sound backend

which could have led to server's denial of service.

- CVE-2020-11043: Fixed an out of bounds read in

rfx_process_message_tileset.

-...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-1090=1

Package List

- openSUSE Leap 15.1 (x86_64):

freerdp-2.1.2-lp151.5.6.1

freerdp-debuginfo-2.1.2-lp151.5.6.1

freerdp-debugsource-2.1.2-lp151.5.6.1

freerdp-devel-2.1.2-lp151.5.6.1

freerdp-proxy-2.1.2-lp151.5.6.1

freerdp-proxy-debuginfo-2.1.2-lp151.5.6.1

freerdp-server-2.1.2-lp151.5.6.1

freerdp-server-debuginfo-2.1.2-lp151.5.6.1

freerdp-wayland-2.1.2-lp151.5.6.1

freerdp-wayland-debuginfo-2.1.2-lp151.5.6.1

libfreerdp2-2.1.2-lp151.5.6.1

libfreerdp2-debuginfo-2.1.2-lp151.5.6.1

libuwac0-0-2.1.2-lp151.5.6.1

libuwac0-0-debuginfo-2.1.2-lp151.5.6.1

libwinpr2-2.1.2-lp151.5.6.1

libwinpr2-debuginfo-2.1.2-lp151.5.6.1

uwac0-0-devel-2.1.2-lp151.5.6.1

winpr2-devel-2.1.2-lp151.5.6.1

References

https://www.suse.com/security/cve/CVE-2020-11017.html

https://www.suse.com/security/cve/CVE-2020-11018.html

https://www.suse.com/security/cve/CVE-2020-11019.html

https://www.suse.com/security/cve/CVE-2020-11038.html

https://www.suse.com/security/cve/CVE-2020-11039.html

https://www.suse.com/security/cve/CVE-2020-11040.html

https://www.suse.com/security/cve/CVE-2020-11041.html

https://www.suse.com/security/cve/CVE-2020-11043.html

https://www.suse.com/security/cve/CVE-2020-11085.html

https://www.suse.com/security/cve/CVE-2020-11086.html

https://www.suse.com/security/cve/CVE-2020-11087.html

https://www.suse.com/security/cve/CVE-2020-11088.html

https://www.suse.com/security/cve/CVE-2020-11089.html

https://www.suse.com/security/cve/CVE-2020-11095.html

https://www.suse.com/security/cve/CVE-2020-11096.html

https://www.suse.com/security/cve/CVE-2020-11097.html

https://www.suse.com/security/cve/CVE-2020-11098.html

https://www.suse.com/security/cve/CVE-2020-11099.html

https://www.suse.com/security/cve/CVE-2020-115...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2020:1090-1
Rating: important
Affected Products: openSUSE Leap 15.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.