Fedora has issued an advisory today (July 31): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JNO6AUPEMWZQNGI7PEVPRUZD3OFNCQ4R/ Here's the Talos advisory: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html The RedHat bugs have links to the upstream commits to fix the issues. Mageia 6 is also affected.
Whiteboard: (none) => MGA6TOO
After checking the code for freerdp-2.0.0-rc0 on Cauldron I can confirm that these multiple security issues are already included in the source tarball, the release 2.0.0-rc0 come from the commit https://github.com/FreeRDP/FreeRDP/commit/1648deb435ad52206f7aa2afe4b4dff71d9329bc https://github.com/FreeRDP/FreeRDP/releases/tag/2.0.0-rc0 For mga6 I think that it would be better to update also freerdp to the "First release candidate for 2.0.0" but I must also update remmina to the latest 1.2.0-rcgit.19 release and also I must do a rebuild for vinagre against new freerdp. WDYT? Can I go for this?
Yes, go for it.
Whiteboard: MGA6TOO => (none)Version: Cauldron => 6
So, done for mga6! - freerdp-2.0.0-0.rc0.1.mga6.srpm - remmina-1.2.0-0.rcgit.19.1.mga6.srpm - vinagre-3.22.0-3.1.mga6.srpm
Thanks David! Advisory: ======================== Updated freerdp packages fix security vulnerabilities: An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability (CVE-2017-2834). An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle to trigger this vulnerability (CVE-2017-2835). An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability (CVE-2017-2836). An exploitable denial of service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability (CVE-2017-2837). An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability (CVE-2017-2838, CVE-2017-2839). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2834 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2835 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2836 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2837 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2838 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2839 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0336 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0337 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0338 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0339 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0340 https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0341 http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JNO6AUPEMWZQNGI7PEVPRUZD3OFNCQ4R/ ======================== Updated packages in core/updates_testing: ======================== freerdp-2.0.0-0.rc0.1.mga6 libfreerdp2-2.0.0-0.rc0.1.mga6 libfreerdp-devel-2.0.0-0.rc0.1.mga6 remmina-1.2.0-0.rcgit.19.1.mga6 remmina-devel-1.2.0-0.rcgit.19.1.mga6 remmina-plugins-common-1.2.0-0.rcgit.19.1.mga6 remmina-plugins-gnome-1.2.0-0.rcgit.19.1.mga6 remmina-plugins-nx-1.2.0-0.rcgit.19.1.mga6 remmina-plugins-rdp-1.2.0-0.rcgit.19.1.mga6 remmina-plugins-spice-1.2.0-0.rcgit.19.1.mga6 remmina-plugins-telepathy-1.2.0-0.rcgit.19.1.mga6 remmina-plugins-vnc-1.2.0-0.rcgit.19.1.mga6 remmina-plugins-xdmcp-1.2.0-0.rcgit.19.1.mga6 vinagre-3.22.0-3.1.mga6 from SRPMS: freerdp-2.0.0-0.rc0.1.mga6.src.rpm remmina-1.2.0-0.rcgit.19.1.mga6.src.rpm vinagre-3.22.0-3.1.mga6.src.rpm
CC: (none) => geiger.david68210Assignee: geiger.david68210 => qa-bugs
MGA6-32 on Asus A6000VM MATE No installation issues. Used remmina to connect to my desktop PC, picking SSH as transport. Looks OK
CC: (none) => herman.viaeneWhiteboard: (none) => MGA6-32-OK
Advisory uploaded, validating.
Keywords: (none) => validated_updateWhiteboard: MGA6-32-OK => advisory MGA6-32-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0243.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
Blocks: (none) => 21448