Security update for freerdp SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:0096-1 Final 1 1 2019-01-29T08:15:26Z current 2019-01-29T08:15:26Z 2019-01-29T08:15:26Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for freerdp This update for freerdp fixes the following issues: Security issues fixed: - CVE-2018-0886: Fix a remote code execution vulnerability (CredSSP) (bsc#1085416, bsc#1087240, bsc#1104918) - CVE-2018-8789: Fix several denial of service vulnerabilities in the in the NTLM Authentication module (bsc#1117965) - CVE-2018-8785: Fix a potential remote code execution vulnerability in the zgfx_decompress function (bsc#1117967) - CVE-2018-8786: Fix a potential remote code execution vulnerability in the update_read_bitmap_update function (bsc#1117966) - CVE-2018-8787: Fix a potential remote code execution vulnerability in the gdi_Bitmap_Decompress function (bsc#1117964) - CVE-2018-8788: Fix a potential remote code execution vulnerability in the nsc_rle_decode function (bsc#1117963) - CVE-2018-8784: Fix a potential remote code execution vulnerability in the zgfx_decompress_segment function (bsc#1116708) - CVE-2018-1000852: Fixed a remote memory access in the drdynvc_process_capability_request function (bsc#1120507) This update was imported from the SUSE:SLE-12-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00046.html E-Mail link for openSUSE-SU-2019:0096-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 freerdp-2.0.0~git.1463131968.4e66df7-13.1 freerdp-devel-2.0.0~git.1463131968.4e66df7-13.1 libfreerdp2-2.0.0~git.1463131968.4e66df7-13.1 freerdp-2.0.0~git.1463131968.4e66df7-13.1 as a component of openSUSE Leap 42.3 freerdp-devel-2.0.0~git.1463131968.4e66df7-13.1 as a component of openSUSE Leap 42.3 libfreerdp2-2.0.0~git.1463131968.4e66df7-13.1 as a component of openSUSE Leap 42.3 The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates request during the authentication process, aka "CredSSP Remote Code Execution Vulnerability". CVE-2018-0886 openSUSE Leap 42.3:freerdp-2.0.0~git.1463131968.4e66df7-13.1 openSUSE Leap 42.3:freerdp-devel-2.0.0~git.1463131968.4e66df7-13.1 openSUSE Leap 42.3:libfreerdp2-2.0.0~git.1463131968.4e66df7-13.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00046.html https://www.suse.com/security/cve/CVE-2018-0886.html CVE-2018-0886 https://bugzilla.suse.com/1117963 SUSE Bug 1117963 https://bugzilla.suse.com/1131873 SUSE Bug 1131873 FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. This attack appear to be exploitable via RDPClient must connect the rdp server with echo option. This vulnerability appears to have been fixed in after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3. CVE-2018-1000852 openSUSE Leap 42.3:freerdp-2.0.0~git.1463131968.4e66df7-13.1 openSUSE Leap 42.3:freerdp-devel-2.0.0~git.1463131968.4e66df7-13.1 openSUSE Leap 42.3:libfreerdp2-2.0.0~git.1463131968.4e66df7-13.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00046.html https://www.suse.com/security/cve/CVE-2018-1000852.html CVE-2018-1000852 https://bugzilla.suse.com/1117963 SUSE Bug 1117963 https://bugzilla.suse.com/1120507 SUSE Bug 1120507 https://bugzilla.suse.com/1131873 SUSE Bug 1131873 FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution. CVE-2018-8784 openSUSE Leap 42.3:freerdp-2.0.0~git.1463131968.4e66df7-13.1 openSUSE Leap 42.3:freerdp-devel-2.0.0~git.1463131968.4e66df7-13.1 openSUSE Leap 42.3:libfreerdp2-2.0.0~git.1463131968.4e66df7-13.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00046.html https://www.suse.com/security/cve/CVE-2018-8784.html CVE-2018-8784 https://bugzilla.suse.com/1116708 SUSE Bug 1116708 https://bugzilla.suse.com/1117963 SUSE Bug 1117963 https://bugzilla.suse.com/1131873 SUSE Bug 1131873 FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution. CVE-2018-8785 openSUSE Leap 42.3:freerdp-2.0.0~git.1463131968.4e66df7-13.1 openSUSE Leap 42.3:freerdp-devel-2.0.0~git.1463131968.4e66df7-13.1 openSUSE Leap 42.3:libfreerdp2-2.0.0~git.1463131968.4e66df7-13.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00046.html https://www.suse.com/security/cve/CVE-2018-8785.html CVE-2018-8785 https://bugzilla.suse.com/1117963 SUSE Bug 1117963 https://bugzilla.suse.com/1117967 SUSE Bug 1117967 https://bugzilla.suse.com/1131873 SUSE Bug 1131873 FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution. CVE-2018-8786 openSUSE Leap 42.3:freerdp-2.0.0~git.1463131968.4e66df7-13.1 openSUSE Leap 42.3:freerdp-devel-2.0.0~git.1463131968.4e66df7-13.1 openSUSE Leap 42.3:libfreerdp2-2.0.0~git.1463131968.4e66df7-13.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00046.html https://www.suse.com/security/cve/CVE-2018-8786.html CVE-2018-8786 https://bugzilla.suse.com/1117963 SUSE Bug 1117963 https://bugzilla.suse.com/1117966 SUSE Bug 1117966 https://bugzilla.suse.com/1131873 SUSE Bug 1131873 FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution. CVE-2018-8787 openSUSE Leap 42.3:freerdp-2.0.0~git.1463131968.4e66df7-13.1 openSUSE Leap 42.3:freerdp-devel-2.0.0~git.1463131968.4e66df7-13.1 openSUSE Leap 42.3:libfreerdp2-2.0.0~git.1463131968.4e66df7-13.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00046.html https://www.suse.com/security/cve/CVE-2018-8787.html CVE-2018-8787 https://bugzilla.suse.com/1117963 SUSE Bug 1117963 https://bugzilla.suse.com/1117964 SUSE Bug 1117964 https://bugzilla.suse.com/1131873 SUSE Bug 1131873 FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution. CVE-2018-8788 openSUSE Leap 42.3:freerdp-2.0.0~git.1463131968.4e66df7-13.1 openSUSE Leap 42.3:freerdp-devel-2.0.0~git.1463131968.4e66df7-13.1 openSUSE Leap 42.3:libfreerdp2-2.0.0~git.1463131968.4e66df7-13.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00046.html https://www.suse.com/security/cve/CVE-2018-8788.html CVE-2018-8788 https://bugzilla.suse.com/1117963 SUSE Bug 1117963 https://bugzilla.suse.com/1131873 SUSE Bug 1131873 FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault). CVE-2018-8789 openSUSE Leap 42.3:freerdp-2.0.0~git.1463131968.4e66df7-13.1 openSUSE Leap 42.3:freerdp-devel-2.0.0~git.1463131968.4e66df7-13.1 openSUSE Leap 42.3:libfreerdp2-2.0.0~git.1463131968.4e66df7-13.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-01/msg00046.html https://www.suse.com/security/cve/CVE-2018-8789.html CVE-2018-8789 https://bugzilla.suse.com/1117963 SUSE Bug 1117963 https://bugzilla.suse.com/1117965 SUSE Bug 1117965 https://bugzilla.suse.com/1131873 SUSE Bug 1131873