Linux Security

    SUSE: 2020:2068-1 important: freerdp

    
       SUSE Security Update: Security update for freerdp
    ______________________________________________________________________________
    
    Announcement ID:    SUSE-SU-2020:2068-1
    Rating:             important
    References:         #1169679 #1169748 #1171441 #1171443 #1171444 
                        #1171445 #1171446 #1171447 #1171474 #1173247 
                        #1173605 #1174200 
    Cross-References:   CVE-2020-11017 CVE-2020-11018 CVE-2020-11019
                        CVE-2020-11038 CVE-2020-11039 CVE-2020-11040
                        CVE-2020-11041 CVE-2020-11043 CVE-2020-11085
                        CVE-2020-11086 CVE-2020-11087 CVE-2020-11088
                        CVE-2020-11089 CVE-2020-11095 CVE-2020-11096
                        CVE-2020-11097 CVE-2020-11098 CVE-2020-11099
                        CVE-2020-11521 CVE-2020-11522 CVE-2020-11523
                        CVE-2020-11524 CVE-2020-11525 CVE-2020-11526
                        CVE-2020-13396 CVE-2020-13397 CVE-2020-13398
                        CVE-2020-4030 CVE-2020-4031 CVE-2020-4032
                        CVE-2020-4033
    Affected Products:
                        SUSE Linux Enterprise Workstation Extension 15-SP2
    ______________________________________________________________________________
    
       An update that fixes 31 vulnerabilities is now available.
    
    Description:
    
       This update for freerdp fixes the following issues:
    
       freerdp was updated to version 2.1.2 (bsc#1171441, bsc#1173247 and
       jsc#ECO-2006):
    
       - CVE-2020-11017: Fixed a double free which could have denied the server's
         service.
       - CVE-2020-11018: Fixed an out of bounds read which a malicious client
         could have triggered.
       - CVE-2020-11019: Fixed an issue which could have led to denial of service
         if logger was set to "WLOG_TRACE".
       - CVE-2020-11038: Fixed a buffer overflow when /video redirection was used.
       - CVE-2020-11039: Fixed an issue which could have allowed arbitrary memory
         read and write when USB redirection was enabled.
       - CVE-2020-11040: Fixed an out of bounds data read in
         clear_decompress_subcode_rlex.
       - CVE-2020-11041: Fixed an issue with the configuration for sound backend
         which could have led to the server's denial of service.
       - CVE-2020-11043: Fixed an out of bounds read in
         rfx_process_message_tileset.
       - CVE-2020-11085: Fixed an out of bounds read in cliprdr_read_format_list.
       - CVE-2020-11086: Fixed an out of bounds read in
         ntlm_read_ntlm_v2_client_challenge.
       - CVE-2020-11087: Fixed an out of bounds read in
         ntlm_read_AuthenticateMessage.
       - CVE-2020-11088: Fixed an out of bounds read in
         ntlm_read_NegotiateMessage.
       - CVE-2020-11089: Fixed an out of bounds read in irp function family.
       - CVE-2020-11095: Fixed a global out of bounds read in
         update_recv_primary_order.
       - CVE-2020-11096: Fixed a global out of bounds read in
         update_read_cache_bitmap_v3_order.
       - CVE-2020-11097: Fixed an out of bounds read in ntlm_av_pair_get.
       - CVE-2020-11098: Fixed an out of bounds read in glyph_cache_put.
       - CVE-2020-11099: Fixed an out of bounds read in
         license_read_new_or_upgrade_license_packet.
       - CVE-2020-11521: Fixed an out of bounds write in planar.c (bsc#1171443).
       - CVE-2020-11522: Fixed an out of bounds read in gdi.c (bsc#1171444).
       - CVE-2020-11523: Fixed an integer overflow in region.c (bsc#1171445).
       - CVE-2020-11524: Fixed an out of bounds write in interleaved.c
         (bsc#1171446).
       - CVE-2020-11525: Fixed an out of bounds read in bitmap.c (bsc#1171447).
       - CVE-2020-11526: Fixed an out of bounds read in
         update_recv_secondary_order (bsc#1171674).
       - CVE-2020-13396: Fixed an out of bounds read in ntlm_read_ChallengeMessage.
       - CVE-2020-13397: Fixed an out of bounds read in security_fips_decrypt due
         to uninitialized value.
       - CVE-2020-13398: Fixed an out of bounds write in crypto_rsa_common.
       - CVE-2020-4030: Fixed an out of bounds read in `TrioParse`.
       - CVE-2020-4031: Fixed a use after free in gdi_SelectObject.
       - CVE-2020-4032: Fixed an integer casting issue in `update_recv_secondary_order`.
       - CVE-2020-4033: Fixed an out of bounds read in RLEDECOMPRESS.
       - Fixed an issue where freerdp failed with -fno-common (bsc#1169748).
       - Fixed an issue where USB redirection with FreeRDP was not working
         (bsc#1169679).
    
    
    Patch Instructions:
    
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - SUSE Linux Enterprise Workstation Extension 15-SP2:
    
          zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-2068=1
    
    
    
    Package List:
    
       - SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):
    
          freerdp-2.1.2-15.7.1
          freerdp-debuginfo-2.1.2-15.7.1
          freerdp-debugsource-2.1.2-15.7.1
          freerdp-devel-2.1.2-15.7.1
          libfreerdp2-2.1.2-15.7.1
          libfreerdp2-debuginfo-2.1.2-15.7.1
          libwinpr2-2.1.2-15.7.1
          libwinpr2-debuginfo-2.1.2-15.7.1
          winpr2-devel-2.1.2-15.7.1
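
To confirm the update landed, installed package versions can be compared with the fixed build in the Package List above. The script below is an added example, not part of the SUSE advisory; the function names `ver_lt` and `audit` are hypothetical, the sample input is constructed, and it assumes GNU `sort -V` orders these version-release strings the same way RPM does.

```shell
#!/bin/sh
# Added example: flag freerdp packages older than the fixed build in this advisory.
FIXED="2.1.2-15.7.1"   # version-release taken from the advisory's Package List

# Runtime and devel packages from the Package List (debuginfo/debugsource omitted).
PKGS="freerdp freerdp-devel libfreerdp2 libwinpr2 winpr2-devel"

# Constructed sample input (not from a real host), one "name version-release" per line.
SAMPLE='freerdp 2.0.0-1.1
libfreerdp2 2.1.2-15.7.1
libwinpr2 2.1.2-15.10.1
bash 4.4-9.10.1'

# ver_lt A B: succeed if A sorts strictly before B under GNU `sort -V`.
# Assumption: sort -V approximates RPM ordering for plain numeric
# version-release strings; it is not a full rpmvercmp implementation.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit: read "name version-release" lines on stdin, print one verdict per
# advisory package found, and return 1 if any of them is below $FIXED.
audit() {
    rc=0
    while read -r name evr; do
        # Skip packages this advisory does not cover.
        case " $PKGS " in *" $name "*) ;; *) continue ;; esac
        if ver_lt "$evr" "$FIXED"; then
            echo "VULNERABLE $name $evr (needs >= $FIXED)"
            rc=1
        else
            echo "OK $name $evr"
        fi
    done
    return $rc
}

# Demo on the constructed sample; on a live system feed it real data instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | audit
printf '%s\n' "$SAMPLE" | audit || true
```

A non-zero exit status from `audit` means at least one listed package is still below the fixed build and the `zypper` patch has not been applied.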
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2020-11017.html
       https://www.suse.com/security/cve/CVE-2020-11018.html
       https://www.suse.com/security/cve/CVE-2020-11019.html
       https://www.suse.com/security/cve/CVE-2020-11038.html
       https://www.suse.com/security/cve/CVE-2020-11039.html
       https://www.suse.com/security/cve/CVE-2020-11040.html
       https://www.suse.com/security/cve/CVE-2020-11041.html
       https://www.suse.com/security/cve/CVE-2020-11043.html
       https://www.suse.com/security/cve/CVE-2020-11085.html
       https://www.suse.com/security/cve/CVE-2020-11086.html
       https://www.suse.com/security/cve/CVE-2020-11087.html
       https://www.suse.com/security/cve/CVE-2020-11088.html
       https://www.suse.com/security/cve/CVE-2020-11089.html
       https://www.suse.com/security/cve/CVE-2020-11095.html
       https://www.suse.com/security/cve/CVE-2020-11096.html
       https://www.suse.com/security/cve/CVE-2020-11097.html
       https://www.suse.com/security/cve/CVE-2020-11098.html
       https://www.suse.com/security/cve/CVE-2020-11099.html
       https://www.suse.com/security/cve/CVE-2020-11521.html
       https://www.suse.com/security/cve/CVE-2020-11522.html
       https://www.suse.com/security/cve/CVE-2020-11523.html
       https://www.suse.com/security/cve/CVE-2020-11524.html
       https://www.suse.com/security/cve/CVE-2020-11525.html
       https://www.suse.com/security/cve/CVE-2020-11526.html
       https://www.suse.com/security/cve/CVE-2020-13396.html
       https://www.suse.com/security/cve/CVE-2020-13397.html
       https://www.suse.com/security/cve/CVE-2020-13398.html
       https://www.suse.com/security/cve/CVE-2020-4030.html
       https://www.suse.com/security/cve/CVE-2020-4031.html
       https://www.suse.com/security/cve/CVE-2020-4032.html
       https://www.suse.com/security/cve/CVE-2020-4033.html
       https://bugzilla.suse.com/1169679
       https://bugzilla.suse.com/1169748
       https://bugzilla.suse.com/1171441
       https://bugzilla.suse.com/1171443
       https://bugzilla.suse.com/1171444
       https://bugzilla.suse.com/1171445
       https://bugzilla.suse.com/1171446
       https://bugzilla.suse.com/1171447
       https://bugzilla.suse.com/1171474
       https://bugzilla.suse.com/1173247
       https://bugzilla.suse.com/1173605
       https://bugzilla.suse.com/1174200
    
    _______________________________________________
    sle-security-updates mailing list
    https://lists.suse.com/mailman/listinfo/sle-security-updates
    
