Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 679416 (CVE-2018-1000852)

Summary: <net-misc/freerdp-2.0.0_rc4: out of bounds read in drdynvc_process_capability_request (CVE-2018-1000852)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: floppym
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 672010    
Bug Blocks:    

Description GLSAMaker/CVETool Bot gentoo-dev 2019-03-04 16:47:55 UTC 
CVE-2018-1000852 (https://nvd.nist.gov/vuln/detail/CVE-2018-1000852):
  FreeRDP FreeRDP 2.0.0-rc3 released version before commit
  205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown
  vulnerability in channels/drdynvc/client/drdynvc_main.c,
  drdynvc_process_capability_request that can result in The RDP server can
  read the client's memory.. This attack appear to be exploitable via
  RDPClient must connect the rdp server with echo option. This vulnerability
  appears to have been fixed in after commit
  205c612820dac644d665b5bb1cdf437dc5ca01e3.
Comment 1 Larry the Git Cow gentoo-dev 2019-09-29 20:50:51 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=90b6afa43fad256f625e2ccbe45a48f889e48f5f

commit 90b6afa43fad256f625e2ccbe45a48f889e48f5f
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2019-09-29 20:50:45 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2019-09-29 20:50:45 +0000

    net-misc/freerdp: remove old
    
    Bug: https://bugs.gentoo.org/679416
    Package-Manager: Portage-2.3.75_p7, Repoman-2.3.17_p49
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 net-misc/freerdp/Manifest                    |   1 -
 net-misc/freerdp/freerdp-2.0.0_rc2-r1.ebuild | 119 ---------------------------
 2 files changed, 120 deletions(-)
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2019-10-06 19:52:15 UTC 
Why did you revert cleanup (https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b17e3543da1c86ea2f7718887a82ba822ca0927)?
Comment 3 Mike Gilbert gentoo-dev 2019-10-07 17:05:35 UTC 
(In reply to Thomas Deutschmann from comment #2)
> Why did you revert cleanup
> (https://gitweb.gentoo.org/repo/gentoo.git/commit/
> ?id=8b17e3543da1c86ea2f7718887a82ba822ca0927)?

ppc is lagging on stabilization due to failing tests. See bug 672010.
Comment 4 Larry the Git Cow gentoo-dev 2019-12-12 20:15:23 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=08f2438131f86e39251efb3620668c776f9f4243

commit 08f2438131f86e39251efb3620668c776f9f4243
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2019-12-12 20:14:23 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2019-12-12 20:15:13 +0000

    net-misc/freerdp: remove old
    
    Bug: https://bugs.gentoo.org/672010
    Bug: https://bugs.gentoo.org/679416
    Package-Manager: Portage-2.3.80_p5, Repoman-2.3.19_p4
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 net-misc/freerdp/Manifest                         |   1 -
 net-misc/freerdp/files/2.0.0-rc2-primitives.patch |  41 --------
 net-misc/freerdp/freerdp-2.0.0_rc2-r1.ebuild      | 120 ----------------------
 3 files changed, 162 deletions(-)
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-28 19:34:03 UTC 
Tree is clean.