Bug 626428 (CVE-2017-2834, CVE-2017-2835, CVE-2017-2836, CVE-2017-2837, CVE-2017-2838, CVE-2017-2839)

Summary:	<net-misc/freerdp-2.0.0_rc0: Multiple vulnerabilities
Product:	Gentoo Security	Reporter:	Christopher Díaz Riveros (RETIRED) <chrisadr>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	bkohler, floppym
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://github.com/FreeRDP/FreeRDP/pull/4055/commits/8292b4558f0684065ce1f58db7783cc426099223
Whiteboard:	~3 [noglsa]
Package list:		Runtime testing required:	---

Description Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-07-28 11:50:23 UTC

From URL:


Fix the following issues identified by the CISCO TALOS project:
 * TALOS-2017-0336 CVE-2017-2834
 * TALOS-2017-0337 CVE-2017-2834
 * TALOS-2017-0338 CVE-2017-2836
 * TALOS-2017-0339 CVE-2017-2837
 * TALOS-2017-0340 CVE-2017-2838
 * TALOS-2017-0341 CVE-2017-2839

References:

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0338
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0339
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0340
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0341
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0337
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0336

Comment 1 Ben Kohler gentoo-dev

2017-07-28 14:17:02 UTC

Good news is that these appear to all be fixed in https://github.com/FreeRDP/FreeRDP/commit/8292b4558f0684065ce1f58db7783cc426099223 , also there is finally a release tarball 2.0.0_rc0 now, which would have all the fixes

Comment 2 Mike Gilbert gentoo-dev

2017-07-28 21:13:11 UTC

I have added 2.0.0-rc0 to the gentoo repo.

Let's give it a week or so for testing in ~arch before stabilizing it.

Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev

2018-03-12 12:55:05 UTC

freerdp 2.0.0_rc0 already stable, thank you Mike