Bug 26699

Summary: freerdp new security issues CVE-2020-403[0-3], CVE-2020-1101[7-9], CVE-2020-1103[89], CVE-2020-1104[0-9], CVE-2020-11058, CVE-2020-1108[5-9], CVE-2020-1109[5-9], CVE-2020-1152[1-6], CVE-2020-1339[6-8]
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: critical    
Priority: Normal CC: andrewsfarm, davidwhodgins, geiger.david68210, herman.viaene, mhrambo3501, sysadmin-bugs
Version: 7Keywords: advisory, validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA7-64-OK
Source RPM: freerdp-2.0.0-0.rc4.1.1.mga7.src.rpm CVE:
Status comment:

Description David Walser 2020-05-29 02:08:08 CEST 
RedHat has issued an advisory today (May 28):
https://access.redhat.com/errata/RHSA-2020:2336

The issues are fixed upstream in 2.0.0 final.
David Walser 2020-05-29 03:07:31 CEST

Status comment: (none) => Fixed upstream in 2.0.0

Comment 1 David GEIGER 2020-05-29 07:19:22 CEST 
Done for mga7!
Comment 2 David Walser 2020-05-29 16:47:58 CEST 
Advisory:
========================

Updated freerdp packages fix security vulnerabilities:

A vulnerability was found in FreeRDP after 1.0 and before 2.0.0, there is an
out-of-bounds write in planar.c (CVE-2020-11521).

A vulnerability was found in FreeRDP after 1.0 and before 2.0.0, there is an
Integer overflow in region.c (CVE-2020-11523).

A vulnerability was found in FreeRDP after 1.0 and before 2.0.0, there is an
out-of-bounds write in interleaved.c (CVE-2020-11524).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11523
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11524
https://pub.freerdp.com/cve/CVE-2020-11521/
https://pub.freerdp.com/cve/CVE-2020-11523/
https://pub.freerdp.com/cve/CVE-2020-11524/
https://access.redhat.com/errata/RHSA-2020:2336
========================

Updated packages in core/updates_testing:
========================
freerdp-2.0.0-1.mga7
libfreerdp2-2.0.0-1.mga7
libfreerdp-devel-2.0.0-1.mga7

from freerdp-2.0.0-1.mga7.src.rpm

Status comment: Fixed upstream in 2.0.0 => (none)
CC: (none) => geiger.david68210
Assignee: geiger.david68210 => qa-bugs

Comment 3 Herman Viaene 2020-05-30 14:20:11 CEST 
MGA7-64 Plasma on Lenovo B50
No installation issues.
Ref bug 24074
I cann't go any further than clean install, since I have no Windows version I can test again (rdp blocked in Windows 10 Home)

CC: (none) => herman.viaene

Comment 4 Mike Rambo 2020-06-01 18:07:21 CEST 
Tested the new version (x86_64) against Windows server 2008R2, 2012, 2012R2, and 2016. Looks good to me.

CC: (none) => mrambo

David Walser 2020-06-01 18:13:09 CEST

Whiteboard: (none) => MGA7-64-OK

Comment 5 David Walser 2020-06-01 21:13:02 CEST 
Ubuntu has issued an advisory today (June 1):
https://usn.ubuntu.com/4379-1/

It turns out that 2.0.0 fixed a lot more CVEs:
CVE-2020-1104[2456789], CVE-2020-11058, CVE-2020-1152[256]

There are also three CVEs fixed upstream in 2.1.1:
CVE-2020-1339[6-8]

David, can we get those ones patched?

Summary: freerdp new security issues CVE-2020-1152[134] => freerdp new security issues CVE-2020-1104[2456789], CVE-2020-11058, CVE-2020-1152[1-6], CVE-2020-1339[6-8]
Keywords: (none) => feedback

Comment 6 David Walser 2020-06-05 00:49:17 CEST 
RedHat has issued an advisory for the last of the new CVEs today (June 4):
https://access.redhat.com/errata/RHSA-2020:2407
Comment 7 David Walser 2020-06-09 19:35:08 CEST 
Ubuntu has issued an advisory for this on June 4:
https://usn.ubuntu.com/4382-1/

CC: (none) => qa-bugs
Whiteboard: MGA7-64-OK => (none)
Keywords: feedback => (none)
Assignee: qa-bugs => geiger.david68210

Comment 8 David GEIGER 2020-06-20 09:27:51 CEST 
Done for the 3 new CVE's.
Comment 9 Mike Rambo 2020-06-20 16:55:22 CEST 
Tested freerdp-2.0.0-1.1.mga7.x86_64.rpm and dependency lib64freerdp2-2.0.0-1.1.mga7.x86_64.rpm with Windows server 2012, 2012R2, and 2016. We just upgraded our last server 2008 so I no longer have one of those available. But it looks good to me.
Comment 10 David Walser 2020-06-20 18:06:22 CEST 
Just looked at:
https://pub.freerdp.com/cve/

and found a bunch of other issues that were fixed upstream in 2.1.0 that we still need to fix:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11085
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11087
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11089
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfw
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x4wq-m7c9-rjgr
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h

Summary: freerdp new security issues CVE-2020-1104[2456789], CVE-2020-11058, CVE-2020-1152[1-6], CVE-2020-1339[6-8] => freerdp new security issues CVE-2020-1101[7-9], CVE-2020-1103[39], CVE-2020-1104[0-9], CVE-2020-11058, CVE-2020-1108[5-9], CVE-2020-1152[1-6], CVE-2020-1339[6-8]

Comment 11 David GEIGER 2020-06-21 08:56:28 CEST 
So we should go with latest 2.1.1 release to fix all of them, WDYT?
Comment 12 David Walser 2020-06-21 14:17:23 CEST 
Probably a good idea.
Comment 14 David GEIGER 2020-07-11 08:00:36 CEST 
Done for freerdp 2.1.2 and remmina 1.4.7 in mga7!
Comment 15 David Walser 2020-07-11 16:06:50 CEST 
Updated packages in core/updates_testing:
========================
freerdp-2.1.2-1.mga7
libfreerdp2-2.1.2-1.mga7
libfreerdp-devel-2.1.2-1.mga7
remmina-1.4.7-1.mga7
remmina-devel-1.4.7-1.mga7
remmina-plugins-common-1.4.7-1.mga7
remmina-plugins-exec-1.4.7-1.mga7
remmina-plugins-kwallet-1.4.7-1.mga7
remmina-plugins-secret-1.4.7-1.mga7
remmina-plugins-nx-1.4.7-1.mga7
remmina-plugins-rdp-1.4.7-1.mga7
remmina-plugins-spice-1.4.7-1.mga7
remmina-plugins-st-1.4.7-1.mga7
remmina-plugins-www-1.4.7-1.mga7
remmina-plugins-vnc-1.4.7-1.mga7
remmina-plugins-xdmcp-1.4.7-1.mga7

from SRPMS:
freerdp-2.1.2-1.mga7.src.rpm
remmina-1.4.7-1.mga7.src.rpm


Advisory to come later.

CC: qa-bugs => (none)
Assignee: geiger.david68210 => qa-bugs

Comment 16 Mike Rambo 2020-07-11 16:49:20 CEST 
Tested freerdp-2.1.2-1.mga7.x86_64.rpm and dependency libfreerdp2-2.1.2-1.mga7.x86_64.rpm with Windows server 2012, 2012R2, and 2016. Works good for me.

I've not used remmina before but I gave it a spin with remmina-1.4.7-1.mga7, remmina-plugins-common-1.4.7-1.mga7, and remmina-plugins-rdp-1.4.7-1.mga7 and tested rdp to the same servers - which tested good. I also tested ssh and though I was able to log in I found that the username did not echo to the screen as it was typed though the password showed the asterisks as usual (note that rdp connections did echo the username back to the screen). This may not be a problem for the update since the previous remmina-1.3.4-1.mga7.x86_64 package exhibited the same behavior so it isn't a regression.

Both look good to me for rdp though remmina supports much more than rdp.
Comment 17 David Walser 2020-07-11 19:33:53 CEST 
Advisory:
========================

Updated freerdp packages fix security vulnerabilities:

It was discovered that FreeRDP incorrectly handled certain memory
operations. A remote attacker could use this issue to cause FreeRDP to
crash, resulting in a denial of service, or possibly exeucte arbitrary
code.

The freerdp package has been updated to version 2.1.2 to fix these issues.

Also, the remmina package has been updated to version 1.4.7 for compatibility
with the updated freerdp.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4031
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4033
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11046
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11047
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11058
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11085
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11087
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11088
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11089
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11095
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11096
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11098
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11099
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11521
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11523
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11524
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11525
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11526
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13396
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13397
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13398
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfw
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x4wq-m7c9-rjgr
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9
https://gitlab.com/Remmina/Remmina/-/releases#v1.4.7
https://ubuntu.com/security/notices/USN-4379-1
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/IGSY4CEBOH6TVJLIW53YL7YDGHY3RMPU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6RTM4HR3PBFF5X7XHCOS5MIHPKSDEYCX/

Summary: freerdp new security issues CVE-2020-1101[7-9], CVE-2020-1103[39], CVE-2020-1104[0-9], CVE-2020-11058, CVE-2020-1108[5-9], CVE-2020-1152[1-6], CVE-2020-1339[6-8] => freerdp new security issues CVE-2020-403[0-3], CVE-2020-1101[7-9], CVE-2020-1103[89], CVE-2020-1104[0-9], CVE-2020-11058, CVE-2020-1108[5-9], CVE-2020-1109[5-9], CVE-2020-1152[1-6], CVE-2020-1339[6-8]

David Walser 2020-07-11 19:34:20 CEST

Whiteboard: (none) => MGA7-64-OK

Comment 18 Thomas Andrews 2020-07-12 01:30:58 CEST 
Validating. Extensive-looking advisory in Comment 17.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Dave Hodgins 2020-07-31 08:28:15 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 19 Mageia Robot 2020-08-01 01:27:43 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0297.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED