+++ This bug was initially created as a clone of Bug #21427 +++

Fedora has issued an advisory today (July 31):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JNO6AUPEMWZQNGI7PEVPRUZD3OFNCQ4R/

Here's the Talos advisory:
http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html

The RedHat bugs have links to the upstream commits to fix the issues.

Debian has issued an advisory for this on August 1:
https://www.debian.org/security/2017/dsa-3923

Mageia 5 may be affected, and we may be able to get patches from Debian.
Advisory:
========================

Updated freerdp packages fix security vulnerabilities:

An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability (CVE-2017-2834).

An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle to trigger this vulnerability (CVE-2017-2835).

An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability (CVE-2017-2836).

An exploitable denial of service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability (CVE-2017-2837).

An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability (CVE-2017-2838, CVE-2017-2839).
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2836
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2839
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0336
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0337
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0338
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0339
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0340
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0341
http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JNO6AUPEMWZQNGI7PEVPRUZD3OFNCQ4R/
https://www.debian.org/security/2017/dsa-3923
========================

Updated packages in core/updates_testing:
========================
freerdp-1.0.2-5.2.mga5
libfreerdp1-1.0.2-5.2.mga5
libfreerdp-devel-1.0.2-5.2.mga5

from freerdp-1.0.2-5.2.mga5.src.rpm
Assignee: geiger.david68210 => qa-bugs
This one is not so simple. See:
https://bugs.mageia.org/show_bug.cgi?id=13444 comments 5 & 8.
https://bugs.mageia.org/show_bug.cgi?id=19482 comments 16-17
CC: (none) => lewyssmith
Actually it should be pretty simple. It's just like the xrdp update we just tested, except this is for the client side. I advised using rdesktop as the client to test in the xrdp bug, but freerdp is another client that is just as valid. For the server side, you can test it against a Mageia machine running xrdp or a Windows machine with RDP enabled.
CC: lewyssmith => (none)
Keywords: (none) => advisory
Having a go at this on mga5 64-bit.
CC: (none) => tarazed25
First problem. Where is xrdp? I used it lately but now I cannot find how to install it. Intending to set it up on the server side but madb cannot find an rpm for it.
Cancel that. I found a machine with xrdp already installed and set it running. However, it would be handy to know how to install it for future reference.

$ urpmq --whatprovides xrdp
No package named xrdp

??
After updating xfreerdp it was possible to log in to another machine and display a 1920x1200 desktop window. The desktop was fully functional but firefox had to be closed on the server side before it could be launched as a startup application.

Composing this in the remote desktop window. Since cut&paste does not work I had to use scp on the client to export the following text to the remote desktop.

Ports 3389/tcp, 3389/udp enabled at both ends. Saw that port number somewhere and added UDP in case.

$ xfreerdp -T "Alienware X51" -g 1920x1200 belexeuli
connected to belexeuli:3389
creating directory /home/lcl/.freerdp/certs
unknown capability type 6
incorrect offset, type:0x06 actual:4 expected:5

Hoping this is sufficient to pass the update, I am adding the 64-bit OK.
Whiteboard: (none) => MGA5-64-OK
xrdp isn't in Mageia 5, that's why you don't find it there.
Thanks David. That rings a bell. I tried to build it locally for some forgotten bug, and failed. The server side in the test above is Mageia 6.

Installed and updated freerdp in a Mageia 5 i586 virtualbox on a Mageia 6 system called vega. In the vbox:

$ xfreerdp -T "Alienware X51" -g 1280x1024 belexeuli

That worked fine, window title as above. The desktop functioned perfectly. Double-clicking on a desktop icon for an NFS share brought up the file manager. gkrellm was displaying local activities. User-written applications represented by icons in the Mate panel could be launched and ran properly. One accessed a collection of movies and TV programmes hosted on vega, the host machine for the vbox, and launched pavucontrol and vlc to play a menu selection. That also worked fine, albeit at a very slow framerate.

If xfreerdp can handle such a three-way transaction then it definitely deserves a pass.
Whiteboard: MGA5-64-OK => MGA5-64-OK MGA5-32-OK
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2017-0475.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED