Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 626428 (CVE-2017-2834, CVE-2017-2835, CVE-2017-2836, CVE-2017-2837, CVE-2017-2838, CVE-2017-2839) - <net-misc/freerdp-2.0.0_rc0: Multiple vulnerabilities
Summary: <net-misc/freerdp-2.0.0_rc0: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2017-2834, CVE-2017-2835, CVE-2017-2836, CVE-2017-2837, CVE-2017-2838, CVE-2017-2839
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://github.com/FreeRDP/FreeRDP/pu...
Whiteboard: ~3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-07-28 11:50 UTC by Christopher Díaz Riveros (RETIRED)
Modified: 2018-03-12 12:55 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-07-28 11:50:23 UTC
From URL:


Fix the following issues identified by the CISCO TALOS project:
 * TALOS-2017-0336 CVE-2017-2834
 * TALOS-2017-0337 CVE-2017-2834
 * TALOS-2017-0338 CVE-2017-2836
 * TALOS-2017-0339 CVE-2017-2837
 * TALOS-2017-0340 CVE-2017-2838
 * TALOS-2017-0341 CVE-2017-2839

References:

https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0338
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0339
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0340
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0341
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0337
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0336
Comment 1 Ben Kohler gentoo-dev 2017-07-28 14:17:02 UTC
Good news is that these appear to all be fixed in https://github.com/FreeRDP/FreeRDP/commit/8292b4558f0684065ce1f58db7783cc426099223 , also there is finally a release tarball 2.0.0_rc0 now, which would have all the fixes
Comment 2 Mike Gilbert gentoo-dev 2017-07-28 21:13:11 UTC
I have added 2.0.0-rc0 to the gentoo repo.

Let's give it a week or so for testing in ~arch before stabilizing it.
Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-03-12 12:55:05 UTC
freerdp 2.0.0_rc0 already stable, thank you Mike