| Summary: | freerdp new security issues CVE-2017-283[4-9] | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | geiger.david68210, herman.viaene, sysadmin-bugs |
| Version: | 6 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | advisory MGA6-32-OK | ||
| Source RPM: | freerdp-2.0.0-0.rc0.1.mga7.src.rpm | CVE: | |
| Status comment: | |||
| Bug Depends on: | |||
| Bug Blocks: | 21448 | ||
|
Description
David Walser
2017-08-01 03:14:24 CEST
David Walser
2017-08-01 03:14:32 CEST
Whiteboard:
(none) =>
MGA6TOO After checking the code for freerdp-2.0.0-rc0 on Cauldron I can confirm that these multiple security issues are already included in the source tarball, the release 2.0.0-rc0 come from the commit https://github.com/FreeRDP/FreeRDP/commit/1648deb435ad52206f7aa2afe4b4dff71d9329bc https://github.com/FreeRDP/FreeRDP/releases/tag/2.0.0-rc0 For mga6 I think that it would be better to update also freerdp to the "First release candidate for 2.0.0" but I must also update remmina to the latest 1.2.0-rcgit.19 release and also I must do a rebuild for vinagre against new freerdp. WDYT? Can I go for this? Yes, go for it. Whiteboard:
MGA6TOO =>
(none) So, done for mga6! - freerdp-2.0.0-0.rc0.1.mga6.srpm - remmina-1.2.0-0.rcgit.19.1.mga6.srpm - vinagre-3.22.0-3.1.mga6.srpm Thanks David! Advisory: ======================== Updated freerdp packages fix security vulnerabilities: An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability (CVE-2017-2834). An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle to trigger this vulnerability (CVE-2017-2835). An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability (CVE-2017-2836). An exploitable denial of service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability (CVE-2017-2837). An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability (CVE-2017-2838, CVE-2017-2839). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2834 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2835 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2836 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2837 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2838 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2839 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0336 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0337 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0338 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0339 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0340 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0341 http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JNO6AUPEMWZQNGI7PEVPRUZD3OFNCQ4R/ ======================== Updated packages in core/updates_testing: ======================== freerdp-2.0.0-0.rc0.1.mga6 libfreerdp2-2.0.0-0.rc0.1.mga6 libfreerdp-devel-2.0.0-0.rc0.1.mga6 remmina-1.2.0-0.rcgit.19.1.mga6 remmina-devel-1.2.0-0.rcgit.19.1.mga6 remmina-plugins-common-1.2.0-0.rcgit.19.1.mga6 remmina-plugins-gnome-1.2.0-0.rcgit.19.1.mga6 remmina-plugins-nx-1.2.0-0.rcgit.19.1.mga6 remmina-plugins-rdp-1.2.0-0.rcgit.19.1.mga6 remmina-plugins-spice-1.2.0-0.rcgit.19.1.mga6 remmina-plugins-telepathy-1.2.0-0.rcgit.19.1.mga6 remmina-plugins-vnc-1.2.0-0.rcgit.19.1.mga6 remmina-plugins-xdmcp-1.2.0-0.rcgit.19.1.mga6 vinagre-3.22.0-3.1.mga6 from SRPMS: freerdp-2.0.0-0.rc0.1.mga6.src.rpm remmina-1.2.0-0.rcgit.19.1.mga6.src.rpm vinagre-3.22.0-3.1.mga6.src.rpm CC:
(none) =>
geiger.david68210 MGA6-32 on Asus A6000VM MATE No installation issues. Used remmina to connect to my desktop PC, picking SSH as transport. Looks OK CC:
(none) =>
herman.viaene Advisory uploaded, validating. Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0243.html Resolution:
(none) =>
FIXED
David Walser
2017-08-04 22:45:04 CEST
Blocks:
(none) =>
21448 |