Arch Linux Security Advisory ASA-202006-15
=========================================
Severity: High
Date    : 2020-06-28
CVE-ID  : CVE-2020-4030  CVE-2020-4031  CVE-2020-4032  CVE-2020-4033
          CVE-2020-11095 CVE-2020-11096 CVE-2020-11097 CVE-2020-11098
          CVE-2020-11099
Package : freerdp
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1193

Summary
======
The package freerdp before version 2:2.1.2-1 is vulnerable to multiple
issues including arbitrary code execution and information disclosure.

Resolution
=========
Upgrade to 2:2.1.2-1.

# pacman -Syu "freerdp>=2:2.1.2-1"

The problems have been fixed upstream in version 2.1.2.

Workaround
=========
None.

Description
==========
- CVE-2020-4030 (information disclosure)

An out-of-bounds read has been found in FreeRDP before 2.1.2, where
logging might bypass string length checks due to an integer overflow.

- CVE-2020-4031 (arbitrary code execution)

A use-after-free vulnerability has been found in FreeRDP before 2.1.2,
in gdi_SelectObject(). Clients using compatibility mode enabled with
/relax-order-checks are affected.

- CVE-2020-4032 (information disclosure)

An integer casting vulnerability leading to an out-of-bounds read has
been found in FreeRDP before 2.1.2, in update_recv_secondary_order(),
on clients with +glyph-cache or /relax-order-checks options enabled.

- CVE-2020-4033 (information disclosure)

An out-of-bounds read of up to 4 bytes has been found in FreeRDP before
2.1.2, affecting all FreeRDP based clients with sessions with color
depth < 32.

- CVE-2020-11095 (information disclosure)

A global out-of-bounds read has been found in FreeRDP before 2.1.2, in
update_recv_primary_order.

- CVE-2020-11096 (information disclosure)

An out-of-bounds read has been found in FreeRDP before 2.1.2, in
update_read_cache_bitmap_v3_order().

- CVE-2020-11097 (information disclosure)

An out-of-bounds read has been found in FreeRDP before 2.1.2, in
ntlm_av_pair_get().

- CVE-2020-11098 (information disclosure)

An out-of-bounds read has been found in FreeRDP before 2.1.2, in
glyph_cache_put. This issue only exists when glyph-cache is enabled,
which is not the case by default.

- CVE-2020-11099 (information disclosure)

An out-of-bounds read has been found in FreeRDP before 2.1.2, in
license_read_new_or_upgrade_license_packet().

Impact
=====
A remote attacker might be able to access sensitive information or
crash the application via a crafted RDP session. A malicious server, or
an attacker in position of man-in-the-middle might be able to execute
arbitrary code on the affected host.

References
=========
https://www.freerdp.com/2020/06/22/2_1_2-released
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98
https://github.com/FreeRDP/FreeRDP/commit/05cd9ea2290d23931f615c1b004d4b2e69074e27
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g
https://github.com/FreeRDP/FreeRDP/commit/6d86e20e1e7caaab4f0c7f89e36d32914dbccc52
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc
https://github.com/FreeRDP/FreeRDP/commit/e7bffa64ef5ed70bac94f823e2b95262642f5296
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8
https://github.com/FreeRDP/FreeRDP/commit/0a98c450c58ec150e44781c89aa6f8e7e0f571f5
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2
https://github.com/FreeRDP/FreeRDP/commit/733ee3208306b1ea32697b356c0215180fc3f049
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x
https://github.com/FreeRDP/FreeRDP/commit/b8beb55913471952f92770c90c372139d78c16c0
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f
https://github.com/FreeRDP/FreeRDP/commit/58a3122250d54de3a944c487776bcd4d1da4721e
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv
https://github.com/FreeRDP/FreeRDP/commit/c0fd449ec0870b050d350d6d844b1ea6dad4bc7d
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h
https://github.com/FreeRDP/FreeRDP/commit/6ade7b4cbfd71c54b3d724e8f2d6ac76a58e879a
https://security.archlinux.org/CVE-2020-4030
https://security.archlinux.org/CVE-2020-4031
https://security.archlinux.org/CVE-2020-4032
https://security.archlinux.org/CVE-2020-4033
https://security.archlinux.org/CVE-2020-11095
https://security.archlinux.org/CVE-2020-11096
https://security.archlinux.org/CVE-2020-11097
https://security.archlinux.org/CVE-2020-11098
https://security.archlinux.org/CVE-2020-11099

ArchLinux: 202006-15: freerdp: multiple issues

June 30, 2020

Summary

- CVE-2020-4030 (information disclosure) An out-of-bounds read has been found in FreeRDP before 2.1.2, where logging might bypass string length checks due to an integer overflow.
- CVE-2020-4031 (arbitrary code execution)
A use-after-free vulnerability has been found in FreeRDP before 2.1.2, in gdi_SelectObject(). Clients using compatibility mode enabled with /relax-order-checks are affected.
- CVE-2020-4032 (information disclosure)
An integer casting vulnerability leading to an out-of-bounds read has been found in FreeRDP before 2.1.2, in update_recv_secondary_order(), on clients with +glyph-cache or /relax-order-checks options enabled.
- CVE-2020-4033 (information disclosure)
An out-of-bounds read of up to 4 bytes has been found in FreeRDP before 2.1.2, affecting all FreeRDP based clients with sessions with color depth < 32.
- CVE-2020-11095 (information disclosure)
A global out-of-bounds read has been found in FreeRDP before 2.1.2, in update_recv_primary_order.
- CVE-2020-11096 (information disclosure)
An out-of-bounds read has been found in FreeRDP before 2.1.2, in update_read_cache_bitmap_v3_order().
- CVE-2020-11097 (information disclosure)
An out-of-bounds read has been found in FreeRDP before 2.1.2, in ntlm_av_pair_get().
- CVE-2020-11098 (information disclosure)
An out-of-bounds read has been found in FreeRDP before 2.1.2, in glyph_cache_put. This issue only exists when glyph-cache is enabled, which is not the case by default.
- CVE-2020-11099 (information disclosure)
An out-of-bounds read has been found in FreeRDP before 2.1.2, in license_read_new_or_upgrade_license_packet().

Resolution

Upgrade to 2:2.1.2-1. # pacman -Syu "freerdp>=2:2.1.2-1"
The problems have been fixed upstream in version 2.1.2.

References

https://www.freerdp.com/2020/06/22/2_1_2-released https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98 https://github.com/FreeRDP/FreeRDP/commit/05cd9ea2290d23931f615c1b004d4b2e69074e27 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g https://github.com/FreeRDP/FreeRDP/commit/6d86e20e1e7caaab4f0c7f89e36d32914dbccc52 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc https://github.com/FreeRDP/FreeRDP/commit/e7bffa64ef5ed70bac94f823e2b95262642f5296 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8 https://github.com/FreeRDP/FreeRDP/commit/0a98c450c58ec150e44781c89aa6f8e7e0f571f5 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2 https://github.com/FreeRDP/FreeRDP/commit/733ee3208306b1ea32697b356c0215180fc3f049 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x https://github.com/FreeRDP/FreeRDP/commit/b8beb55913471952f92770c90c372139d78c16c0 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f https://github.com/FreeRDP/FreeRDP/commit/58a3122250d54de3a944c487776bcd4d1da4721e https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv https://github.com/FreeRDP/FreeRDP/commit/c0fd449ec0870b050d350d6d844b1ea6dad4bc7d https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h https://github.com/FreeRDP/FreeRDP/commit/6ade7b4cbfd71c54b3d724e8f2d6ac76a58e879a https://security.archlinux.org/CVE-2020-4030 https://security.archlinux.org/CVE-2020-4031 https://security.archlinux.org/CVE-2020-4032 https://security.archlinux.org/CVE-2020-4033 https://security.archlinux.org/CVE-2020-11095 https://security.archlinux.org/CVE-2020-11096 https://security.archlinux.org/CVE-2020-11097 https://security.archlinux.org/CVE-2020-11098 https://security.archlinux.org/CVE-2020-11099

Severity
CVE-2020-11095 CVE-2020-11096 CVE-2020-11097 CVE-2020-11098
CVE-2020-11099
Package : freerdp
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1193

Workaround

None.

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved