freerdp (SL7)

By Scientific Linux Team on October 20, 2020

Synopsis: Moderate: freerdp security, bug fix, and enhancement update
Advisory ID: SLSA-2020:4031-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2020-11088
CVE-2020-11038
CVE-2020-11042
CVE-2020-13397
CVE-2020-11085
CVE-2020-11048
CVE-2020-11086
CVE-2020-11019
CVE-2020-11522
CVE-2020-11018
CVE-2020-11525
CVE-2020-11049
CVE-2020-11039
CVE-2020-11040
CVE-2020-11089
CVE-2020-11044
CVE-2020-11087
CVE-2020-11043
CVE-2020-11046
CVE-2020-11058
CVE-2020-11526
CVE-2020-11041
CVE-2020-11047
CVE-2020-11045
CVE-2020-13396

Security Fix(es):

* freerdp: Out of bound read in cliprdr_server_receive_capabilities
(CVE-2020-11018)

* freerdp: Out of bound read/write in usb redirection channel
(CVE-2020-11039)

* freerdp: out-of-bounds read in update_read_icon_info function
(CVE-2020-11042)

* freerdp: out-of-bounds read in autodetect_recv_bandwidth_measure_results
function (CVE-2020-11047)

* freerdp: Out-of-bounds read in ntlm_read_ChallengeMessage in
winpr/libwinpr/sspi/NTLM/ntlm_message.c. (CVE-2020-13396)

* freerdp: Out-of-bounds read in security_fips_decrypt in
libfreerdp/core/security.c (CVE-2020-13397)

* freerdp: Out of bound read in update_recv could result in a crash
(CVE-2020-11019)

* freerdp: Integer overflow in VIDEO channel (CVE-2020-11038)

* freerdp: Out of bound access in clear_decompress_subcode_rlex
(CVE-2020-11040)

* freerdp: Unchecked read of array offset in rdpsnd_recv_wave2_pdu
(CVE-2020-11041)

* freerdp: out of bound read in rfx_process_message_tileset
(CVE-2020-11043)

* freerdp: double free in update_read_cache_bitmap_v3_order function
(CVE-2020-11044)

* freerdp: out of bounds read in update_read_bitmap_data function
(CVE-2020-11045)

* freerdp: out of bounds seek in update_read_synchronize function could
lead out of bounds read (CVE-2020-11046)

* freerdp: out-of-bounds read could result in aborting the session
(CVE-2020-11048)

* freerdp: out-of-bound read of client memory that is then passed on to the
protocol parser (CVE-2020-11049)

* freerdp: stream out-of-bounds seek in rdp_read_font_capability_set could
lead to out-of-bounds read (CVE-2020-11058)

* freerdp: out-of-bounds read in cliprdr_read_format_list function
(CVE-2020-11085)

* freerdp: out-of-bounds read in ntlm_read_ntlm_v2_client_challenge
function (CVE-2020-11086)

* freerdp: out-of-bounds read in ntlm_read_AuthenticateMessage
(CVE-2020-11087)

* freerdp: out-of-bounds read in ntlm_read_NegotiateMessage
(CVE-2020-11088)

* freerdp: out-of-bounds read in irp functions (CVE-2020-11089)

* freerdp: out-of-bounds read in gdi.c (CVE-2020-11522)

* freerdp: out-of-bounds read in bitmap.c (CVE-2020-11525)

* freerdp: Stream pointer out of bounds in update_recv_secondary_order
could lead out of bounds read later (CVE-2020-11526)

SL7
x86_64
freerdp-libs-2.1.1-2.el7.x86_64.rpm
libwinpr-2.1.1-2.el7.i686.rpm
freerdp-2.1.1-2.el7.x86_64.rpm
freerdp-libs-2.1.1-2.el7.i686.rpm
libwinpr-2.1.1-2.el7.x86_64.rpm
freerdp-debuginfo-2.1.1-2.el7.i686.rpm
freerdp-debuginfo-2.1.1-2.el7.x86_64.rpm
freerdp-devel-2.1.1-2.el7.i686.rpm
freerdp-devel-2.1.1-2.el7.x86_64.rpm
libwinpr-devel-2.1.1-2.el7.i686.rpm
libwinpr-devel-2.1.1-2.el7.x86_64.rpm

– Scientific Linux Development Team