Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 819534 (CVE-2021-41159, CVE-2021-41160) - <net-misc/freerdp-2.4.1: multiple vulnerabilities
Summary: <net-misc/freerdp-2.4.1: multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2021-41159, CVE-2021-41160
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa?]
Keywords:
Depends on: 820050
Blocks:
  Show dependency tree
 
Reported: 2021-10-22 21:54 UTC by John Helmert III
Modified: 2021-10-31 21:49 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-22 21:54:29 UTC
CVE-2021-41159 (https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq):

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway.

CVE-2021-41160 (https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7c9r-6r2q-93qg):

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.


Please bump.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-10-24 04:58:43 UTC
If you can, please remember to file/tag security bugs if you can when bumping or if you notice CVEs in the release notes

Please file a stablereq when ready
Comment 2 Mike Gilbert gentoo-dev 2021-10-24 06:50:11 UTC
There's a compiler warning I would like to resolve before stabilizing 2.4.1.

https://github.com/FreeRDP/FreeRDP/issues/7396
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-10-28 19:54:54 UTC
Please cleanup
Comment 4 Larry the Git Cow gentoo-dev 2021-10-31 21:41:21 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a9e5d89979dafa0a40c504d193c430b42785c5e6

commit a9e5d89979dafa0a40c504d193c430b42785c5e6
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2021-10-31 21:40:41 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2021-10-31 21:40:41 +0000

    net-misc/freerdp: drop 2.3.2
    
    Bug: https://bugs.gentoo.org/819534
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 net-misc/freerdp/Manifest                          |   1 -
 net-misc/freerdp/files/freerdp-2-openssl-3.0.patch |  61 ----------
 ...dp-2.4.0-TestUnicodeConversion-big-endian.patch |  28 -----
 net-misc/freerdp/freerdp-2.3.2.ebuild              | 123 ---------------------
 4 files changed, 213 deletions(-)