Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 729218 (CVE-2020-11095, CVE-2020-11096, CVE-2020-11097, CVE-2020-11098, CVE-2020-11099, CVE-2020-4030, CVE-2020-4031, CVE-2020-4032, CVE-2020-4033) - <net-misc/freerdp-2.1.2: Multiple vulnerabilities (CVE-2020-{4030,4031,4032,4033,11095,11096,11097,11098,11099})
Summary: <net-misc/freerdp-2.1.2: Multiple vulnerabilities (CVE-2020-{4030,4031,4032,4...
Status: RESOLVED FIXED
Alias: CVE-2020-11095, CVE-2020-11096, CVE-2020-11097, CVE-2020-11098, CVE-2020-11099, CVE-2020-4030, CVE-2020-4031, CVE-2020-4032, CVE-2020-4033
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.freerdp.com/2020/06/22/2_1...
Whiteboard: B3 [noglsa cve]
Keywords: CC-ARCHES
Depends on:
Blocks:
 
Reported: 2020-06-22 23:01 UTC by Sam James
Modified: 2020-07-26 05:35 UTC (History)
1 user (show)

See Also:
Package list:
net-misc/freerdp-2.1.2-r1
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-06-22 23:01:42 UTC
* CVE-2020-4030

Description:
"In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2."

* CVE-2020-4031

Description:
"In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2."

* CVE-2020-4032

Description:
"In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2."

* CVE-2020-4033

Description:
"In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2."

* CVE-2020-11095

Description:
"In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2."

* CVE-2020-11096

Description:
"In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). This is fixed in version 2.1.2."

* CVE-2020-11097

Description:
"In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2."

* CVE-2020-11098

Description:
"In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. This affects all FreeRDP clients with `+glyph-cache` option enabled. This is fixed in version 2.1.2."

* CVE-2020-11099

Description:
"In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2."
Comment 1 Sam James archtester gentoo-dev Security 2020-06-22 23:03:12 UTC
Please bump to 2.1.2.
Comment 2 Larry the Git Cow gentoo-dev 2020-06-22 23:34:08 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d8d7564b2fe1847d801be746949021fbb1527aea

commit d8d7564b2fe1847d801be746949021fbb1527aea
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2020-06-22 23:31:01 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2020-06-22 23:31:01 +0000

    net-misc/freerdp: bump to 2.1.2
    
    Bug: https://bugs.gentoo.org/729218
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 net-misc/freerdp/Manifest             |   1 +
 net-misc/freerdp/freerdp-2.1.2.ebuild | 124 ++++++++++++++++++++++++++++++++++
 2 files changed, 125 insertions(+)
Comment 3 Sam James archtester gentoo-dev Security 2020-06-23 00:23:47 UTC
Thanks. Let us know when ready to stable.
Comment 4 Joakim Tjernlund 2020-06-23 09:51:19 UTC
Seem 2.1.2 is somewhat brone. Needs
https://github.com/akallabeth/FreeRDP/commit/ce1a9d8d1969ecbb4d24b9f4812654638a44abc2
Comment 5 Mike Gilbert gentoo-dev 2020-06-30 14:27:20 UTC
(In reply to Joakim Tjernlund from comment #4)

Fixed in 2.1.2-r1. In the future, please file a separate bug report when reporting a problem.
Comment 6 Agostino Sarubbo gentoo-dev 2020-07-02 06:26:21 UTC
amd64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2020-07-02 06:28:51 UTC
arm stable
Comment 8 Agostino Sarubbo gentoo-dev 2020-07-02 06:30:44 UTC
ppc stable
Comment 9 Agostino Sarubbo gentoo-dev 2020-07-02 06:32:39 UTC
ppc64 stable
Comment 10 Agostino Sarubbo gentoo-dev 2020-07-02 06:36:39 UTC
x86 stable
Comment 11 Sam James archtester gentoo-dev Security 2020-07-04 12:55:42 UTC
arm64 stable

----
@maintainer, please cleanup
Comment 12 Sam James archtester gentoo-dev Security 2020-07-26 05:35:30 UTC
GLSA vote: no!

Cleanup was done in https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=24433701675335005b6a5948d109818d195aca63.

Closing.