openSUSE Security Update : freerdp (openSUSE-2020-1090)

high Nessus Plugin ID 139018

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for freerdp fixes the following issues :

frerdp was updated to version 2.1.2 (bsc#1171441,bsc#1173247 and jsc#ECO-2006) :

- CVE-2020-11017: Fixed a double free which could have denied the server's service.

- CVE-2020-11018: Fixed an out of bounds read which a malicious clients could have triggered.

- CVE-2020-11019: Fixed an issue which could have led to denial of service if logger was set to 'WLOG_TRACE'.

- CVE-2020-11038: Fixed a buffer overflow when /video redirection was used.

- CVE-2020-11039: Fixed an issue which could have allowed arbitrary memory read and write when USB redirection was enabled.

- CVE-2020-11040: Fixed an out of bounds data read in clear_decompress_subcode_rlex.

- CVE-2020-11041: Fixed an issue with the configuration for sound backend which could have led to server's denial of service.

- CVE-2020-11043: Fixed an out of bounds read in rfx_process_message_tileset.

- CVE-2020-11085: Fixed an out of bounds read in cliprdr_read_format_list.

- CVE-2020-11086: Fixed an out of bounds read in ntlm_read_ntlm_v2_client_challenge.

- CVE-2020-11087: Fixed an out of bounds read in ntlm_read_AuthenticateMessage.

- CVE-2020-11088: Fixed an out of bounds read in ntlm_read_NegotiateMessage.

- CVE-2020-11089: Fixed an out of bounds read in irp function family.

- CVE-2020-11095: Fixed a global out of bounds read in update_recv_primary_order.

- CVE-2020-11096: Fixed a global out of bounds read in update_read_cache_bitmap_v3_order.

- CVE-2020-11097: Fixed an out of bounds read in ntlm_av_pair_get.

- CVE-2020-11098: Fixed an out of bounds read in glyph_cache_put.

- CVE-2020-11099: Fixed an out of bounds Read in license_read_new_or_upgrade_license_packet.

- CVE-2020-11521: Fixed an out of bounds write in planar.c (bsc#1171443).

- CVE-2020-11522: Fixed an out of bounds read in gdi.c (bsc#1171444).

- CVE-2020-11523: Fixed an integer overflow in region.c (bsc#1171445).

- CVE-2020-11524: Fixed an out of bounds write in interleaved.c (bsc#1171446).

- CVE-2020-11525: Fixed an out of bounds read in bitmap.c (bsc#1171447).

- CVE-2020-11526: Fixed an out of bounds read in update_recv_secondary_order (bsc#1171674).

- CVE-2020-13396: Fixed an Read in ntlm_read_ChallengeMessage.

- CVE-2020-13397: Fixed an out of bounds read in security_fips_decrypt due to uninitialized value.

- CVE-2020-13398: Fixed an out of bounds write in crypto_rsa_common.

- CVE-2020-4030: Fixed an out of bounds read in `TrioParse`.

- CVE-2020-4031: Fixed a use after free in gdi_SelectObject.

- CVE-2020-4032: Fixed an integer casting in `update_recv_secondary_order`.

- CVE-2020-4033: Fixed an out of bound read in RLEDECOMPRESS.

- Fixed an issue where freerdp failed with -fno-common (bsc#1169748).

- Fixed an issue where USB redirection with FreeRDP was not working (bsc#1169679).

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Solution

Update the affected freerdp packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1169679

https://bugzilla.opensuse.org/show_bug.cgi?id=1169748

https://bugzilla.opensuse.org/show_bug.cgi?id=1171441

https://bugzilla.opensuse.org/show_bug.cgi?id=1171443

https://bugzilla.opensuse.org/show_bug.cgi?id=1171444

https://bugzilla.opensuse.org/show_bug.cgi?id=1171445

https://bugzilla.opensuse.org/show_bug.cgi?id=1171446

https://bugzilla.opensuse.org/show_bug.cgi?id=1171447

https://bugzilla.opensuse.org/show_bug.cgi?id=1171474

https://bugzilla.opensuse.org/show_bug.cgi?id=1173247

https://bugzilla.opensuse.org/show_bug.cgi?id=1173605

https://bugzilla.opensuse.org/show_bug.cgi?id=1174200

Plugin Details

Severity: High

ID: 139018

File Name: openSUSE-2020-1090.nasl

Version: 1.4

Type: local

Agent: unix

Published: 7/28/2020

Updated: 2/28/2024

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2020-13398

CVSS v3

Risk Factor: High

Base Score: 8.3

Temporal Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:freerdp, p-cpe:/a:novell:opensuse:freerdp-debuginfo, p-cpe:/a:novell:opensuse:libuwac0-0-debuginfo, p-cpe:/a:novell:opensuse:libwinpr2, p-cpe:/a:novell:opensuse:libwinpr2-debuginfo, p-cpe:/a:novell:opensuse:uwac0-0-devel, p-cpe:/a:novell:opensuse:winpr2-devel, cpe:/o:novell:opensuse:15.1, p-cpe:/a:novell:opensuse:freerdp-debugsource, p-cpe:/a:novell:opensuse:freerdp-devel, p-cpe:/a:novell:opensuse:freerdp-proxy, p-cpe:/a:novell:opensuse:freerdp-proxy-debuginfo, p-cpe:/a:novell:opensuse:freerdp-server, p-cpe:/a:novell:opensuse:freerdp-server-debuginfo, p-cpe:/a:novell:opensuse:freerdp-wayland, p-cpe:/a:novell:opensuse:freerdp-wayland-debuginfo, p-cpe:/a:novell:opensuse:libfreerdp2, p-cpe:/a:novell:opensuse:libfreerdp2-debuginfo, p-cpe:/a:novell:opensuse:libuwac0-0

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/26/2020

Vulnerability Publication Date: 5/15/2020

Reference Information

CVE: CVE-2020-11017, CVE-2020-11018, CVE-2020-11019, CVE-2020-11038, CVE-2020-11039, CVE-2020-11040, CVE-2020-11041, CVE-2020-11043, CVE-2020-11085, CVE-2020-11086, CVE-2020-11087, CVE-2020-11088, CVE-2020-11089, CVE-2020-11095, CVE-2020-11096, CVE-2020-11097, CVE-2020-11098, CVE-2020-11099, CVE-2020-11521, CVE-2020-11522, CVE-2020-11523, CVE-2020-11524, CVE-2020-11525, CVE-2020-11526, CVE-2020-13396, CVE-2020-13397, CVE-2020-13398, CVE-2020-4030, CVE-2020-4031, CVE-2020-4032, CVE-2020-4033