| Summary: | freerdp new security issues CVE-2024-32039, CVE-2024-3204[01], CVE-2024-3245[89] and CVE-2024-32460 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, brtians1, davidwhodgins, mageia, sysadmin-bugs, tarazed25 |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA9-32-OK MGA9-64-OK | ||
| Source RPM: | freerdp-2.10.0-2.1.mga9.src.rpm | CVE: | CVE-2024-32039, CVE-2024-32040, CVE-2024-32041, CVE-2024-32458, CVE-2024-32459, CVE-2024-32460 |
| Status comment: | Fixed upstream in 2.11.6 | ||
Description
Nicolas Salguero
2024-04-22 16:53:39 CEST

Nicolas Salguero
2024-04-22 16:54:48 CEST
Source RPM: (none) => freerdp-2.10.0-2.1.mga9.src.rpm

Cauldron already has both 2.11.6 & 2.11.7, both put up by DavidG, who unfairly gets assigned this M9 update.
Assignee: bugsquad => geiger.david68210

Assigning to QA. Packages in 9/Core/Updates_testing:
======================
freerdp-2.11.7-1.mga9
libfreerdp-devel-2.11.7-1.mga9.x86_64.rpm
libfreerdp2-2.11.7-1.mga9.x86_64.rpm
lib64freerdp-devel-2.11.7-1.mga9.x86_64.rpm
lib64freerdp2-2.11.7-1.mga9.x86_64.rpm

From SRPMS:
freerdp-2.11.7-1.mga9.src.rpm
Assignee: geiger.david68210 => qa-bugs
katnatek
2024-04-24 04:05:37 CEST
Keywords: (none) => advisory

Mageia 9, x64

Cannot get started with this one so have not bothered with the update. With the current version I tried to run a session on a neighbouring PC. Installed xrdp on both machines and started the xrdp.service on both. Port 8140 available on both as well. Tried a simple example from the man pages and failed.

$ xfreerdp connection.rdp /u:lcl /p:<Password> /w:1920 /h:1080 v:192.168.1.64:8140

The response is the full man page. Handing this on to somebody with more nous.
CC: (none) => tarazed25

Installed without issue on both my systems (x86_64 and i586) but I just can't make a connection from one system to the other; reference bug#32100 comment#6. Sorry.

(In reply to katnatek from comment #4)
> Install without issue in my both systems (x86_64 and i586) but I just can't
> make a connection from one system to other, reference bug#32100 comment#6

According to "man freerdp-shadow-cli", TLS can be disabled by specifying -sec-tls as an option. That would be fine if you're working in a LAN where you are not worried about snooping. For use across an internet connection or with untrusted systems on the same LAN, TLS should be configured and used, though I haven't looked into how to do that.
CC: (none) => davidwhodgins
katnatek
2024-04-27 00:04:04 CEST
CC: (none) => andrewsfarm

Very fun, I can connect from x86_64 to i586 but not the reverse. BTW, could be a "The chair" issue.
Whiteboard: (none) => MGA9-32-OK

Installed and tested without issues.
Tested by connecting to a VM running Windows Server 2016 Datacenter.
All worked as expected. No regressions noticed.
Client System: Mageia 9, x86_64, Plasma DE, AMD Ryzen 5 5600G with Radeon Graphics using amdgpu driver.
Server System: Windows Server 2016 Datacenter, QEMU/KVM, AMD Ryzen 5 5600G with Radeon Graphics.

$ uname -a
Linux jupiter 6.6.28-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Apr 17 17:19:36 UTC 2024 x86_64 GNU/Linux
$ rpm -qa | grep freerdp | sort
freerdp-2.11.7-1.mga9
lib64freerdp2-2.11.7-1.mga9
$ xfreerdp /v:jupiter-vm-windows-server-2016-datacenter /u:JUPITER\\Administrator /h:1000 /w:1920 /sound:sys:alsa
[16:37:00:999] [32256:32257] [WARN][com.freerdp.crypto] - Certificate verification failure 'self-signed certificate (18)' at stack position 0
[16:37:00:999] [32256:32257] [WARN][com.freerdp.crypto] - CN = jupiter-vm-windows-server-2016-datacenter
Certificate details for jupiter-vm-windows-server-2016-datacenter:3389 (RDP-Server):
Common Name: jupiter-vm-windows-server-2016-datacenter
Subject: CN = jupiter-vm-windows-server-2016-datacenter
Issuer: CN = jupiter-vm-windows-server-2016-datacenter
Thumbprint: <SNIP>
The above X.509 certificate could not be verified, possibly because you do not have
the CA certificate in your certificate store, or the certificate has expired.
Please look at the OpenSSL documentation on how to add a private CA to the store.
Do you trust the above certificate? (Y/T/N) Y
Password:
[16:37:11:710] [32256:32257] [INFO][com.freerdp.gdi] - Local framebuffer format PIXEL_FORMAT_BGRX32
[16:37:11:710] [32256:32257] [INFO][com.freerdp.gdi] - Remote framebuffer format PIXEL_FORMAT_BGRA32
[16:37:11:715] [32256:32257] [INFO][com.freerdp.channels.rdpsnd.client] - [static] Loaded alsa backend for rdpsnd
[16:37:11:715] [32256:32257] [INFO][com.freerdp.channels.drdynvc.client] - Loading Dynamic Virtual Channel rdpsnd
[16:37:11:715] [32256:32257] [INFO][com.freerdp.channels.drdynvc.client] - Loading Dynamic Virtual Channel rdpgfx
[16:37:11:960] [32256:32291] [INFO][com.freerdp.channels.rdpsnd.client] - [dynamic] Loaded alsa backend for rdpsnd
[16:37:12:369] [32256:32291] [INFO][com.freerdp.channels.rdpsnd.client] - [dynamic] Loaded alsa backend for rdpsnd
[16:37:13:180] [32256:32256] [ERROR][com.freerdp.core] - freerdp_abort_connect:freerdp_set_last_error_ex ERRCONNECT_CONNECT_CANCELLED [0x0002000B]
CC: (none) => mageia

MGA9-64, Xfce, Dell Chromebook installation

Installed updates:
freerdp-2.11.7-1.mga9
libfreerdp2-2.11.7-1.mga9.x86_64.rpm

Ran xfreerdp -f <ip>; worked as expected.
CC: (none) => brtians1

Validating.
CC: (none) => sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2024-0157.html
Resolution: (none) => FIXED
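As an added example that is not part of this bug report or of Mageia's QA tooling: the testers above verify the update by eyeballing `rpm -qa | grep freerdp`. The script below does that comparison mechanically, checking each installed package's epoch/version/release against the fixed 2.11.7-1.mga9 with a Python port of rpm's segment-based version comparison (digits compare numerically, letters lexically, `~` sorts before everything, `^` sorts after end-of-string). The sample `rpm -qa` output is constructed (two lines from the test report plus the pre-update package named in this bug's Source RPM); `FIXED_EVR`, `rpmvercmp`, `parse_nevr` and `audit` are this example's own names.

```python
"""Check installed freerdp RPMs against the fixed epoch/version/release.

Added illustration, not Mageia tooling. rpmvercmp() follows the algorithm
rpm itself uses so that releases such as 1.mga9 vs 1.mga10 order correctly.
"""
import re

# Fixed EVR from this bug's update: freerdp-2.11.7-1.mga9 (epoch 0, implicit).
FIXED_EVR = ("0", "2.11.7", "1.mga9")

# Constructed sample of `rpm -qa | grep freerdp` output. The first two lines
# are the updated packages; the third is the pre-update package (hypothetical
# stale install) taken from the bug's Source RPM field.
SAMPLE_RPM_QA = """\
freerdp-2.11.7-1.mga9
lib64freerdp2-2.11.7-1.mga9
freerdp-2.10.0-2.1.mga9
"""


def rpmvercmp(a: str, b: str) -> int:
    """Return -1, 0 or 1 like rpm's rpmvercmp()."""
    if a == b:
        return 0
    i = j = 0
    la, lb = len(a), len(b)
    while i < la or j < lb:
        # Skip separators: anything that is not alphanumeric, '~' or '^'.
        while i < la and not (a[i].isalnum() or a[i] in "~^"):
            i += 1
        while j < lb and not (b[j].isalnum() or b[j] in "~^"):
            j += 1
        # '~' sorts before everything, including the end of the string.
        if (i < la and a[i] == "~") or (j < lb and b[j] == "~"):
            if not (i < la and a[i] == "~"):
                return 1
            if not (j < lb and b[j] == "~"):
                return -1
            i += 1
            j += 1
            continue
        # '^' sorts like '~' except that end-of-string sorts before it.
        if (i < la and a[i] == "^") or (j < lb and b[j] == "^"):
            if i >= la:
                return -1
            if j >= lb:
                return 1
            if a[i] != "^":
                return 1
            if b[j] != "^":
                return -1
            i += 1
            j += 1
            continue
        if i >= la or j >= lb:
            break
        # Grab the next segment of the same kind (all digits or all letters).
        if a[i].isdigit():
            ma, mb, isnum = re.match(r"[0-9]+", a[i:]), re.match(r"[0-9]+", b[j:]), True
        else:
            ma, mb, isnum = re.match(r"[A-Za-z]+", a[i:]), re.match(r"[A-Za-z]+", b[j:]), False
        sa = ma.group(0)
        sb = mb.group(0) if mb else ""
        if not sb:
            # Segment kinds differ: a numeric segment is always newer.
            return 1 if isnum else -1
        i += len(sa)
        j += len(sb)
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= la and j >= lb:
        return 0
    return -1 if i >= la else 1  # whichever still has characters left wins


def parse_nevr(line: str):
    """Split 'name-[epoch:]version-release' into (name, epoch, version, release)."""
    name, version, release = line.strip().rsplit("-", 2)
    epoch = "0"
    if ":" in version:
        epoch, version = version.split(":", 1)
    return name, epoch, version, release


def evr_cmp(evr1, evr2) -> int:
    """Compare (epoch, version, release) tuples field by field."""
    for x, y in zip(evr1, evr2):
        r = rpmvercmp(x, y)
        if r:
            return r
    return 0


def audit(rpm_qa_output: str, fixed=FIXED_EVR) -> dict:
    """Map each package string to True if it is at or above the fixed EVR."""
    result = {}
    for line in rpm_qa_output.splitlines():
        if not line.strip():
            continue
        _name, e, v, r = parse_nevr(line)
        result[line.strip()] = evr_cmp((e, v, r), fixed) >= 0
    return result


if __name__ == "__main__":
    for pkg, ok in audit(SAMPLE_RPM_QA).items():
        print("OK      " if ok else "OUTDATED", pkg)
```

On a real system, feed it the live output with `audit(subprocess.check_output(["rpm", "-qa"], text=True))`, filtering the names you care about; the fixed EVR for any other advisory is just a different `FIXED_EVR` tuple.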