Ubuntu has issued an advisory on December 12: https://usn.ubuntu.com/3845-1/ The issues are fixed upstream in 2.0.0-rc4.
Fixed now for mga6!
Advisory: ======================== Updated freerdp packages fix security vulnerabilities: Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2018-8784, CVE-2018-8785). Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2018-8786, CVE-2018-8787). Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2018-8788). Eyal Itkin discovered FreeRDP incorrectly handled NTLM authentication. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2018-8789). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8784 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8785 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8786 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8787 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8788 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8789 https://usn.ubuntu.com/3845-1/ ======================== Updated packages in core/updates_testing: ======================== freerdp-2.0.0-0.rc4.1.mga6 libfreerdp2-2.0.0-0.rc4.1.mga6 libfreerdp-devel-2.0.0-0.rc4.1.mga6 from freerdp-2.0.0-0.rc4.1.mga6.src.rpm
CC: (none) => geiger.david68210Assignee: geiger.david68210 => qa-bugs
Mageia 6, x86_64 Before updating: Looking for something that requires Remote Desktop Protocol. vinagre comes up in the list given by $ urpmq --whatrequires-recursive lib64freerdp2 and vinagre is the application used by the "Remote Desktop Viewer" in the menus. An old report indicated that the remote desktop should have some kind of RDP service running. Moved to machine vega and installed xrdp (which pulled in tigervnc and installed a pem file in /etc...). Enabled and started the xrdp.service. Back to the test machine. Launched Remote Desktop Viewer, chose to connect to vega with the RDP protocol. That raised a Certificate Verification window which I accepted. Logged in as user and was presented with a very basic desktop - not sure which but it has an empty screen with a simple taskbar [ menu-icon Terminal Editor Browser MCC workspace-switcher ] The terminal worked fine and $ wv 900 displayed a home-made ruby applet showing the current local temperature, wind and sky. That closed instantly on a right-click. Firefox was already running on vega so it would not display here. MCC would not launch from the panel. It could be invoked at the cli by $ sudo mcc but only in text mode. MageiaWelcome launches from the menus and the cli. MCC does not launch at all from the menus. Videos played smoothly in mplayer - no sound though - tried pavucontrol but could not establish a connection to pulseaudio because it needed to be started then it complained that there were no cards to configure. I guess all that is normal. vlc had problems starting a video because the sound output could not be configured. The editor is kwrite and that seemed to work fine. Closed firefox on vega and launched it here and browsed to madb. Closed it and raised it again on vega. It came up with the smaller fimensions it occupied in the VNC window. So graphics are handled perfectly unless su is involved but there are a few problems with multimedia. No discussions regarding reproducing the CVE issues. Now to update and repeat all of that: Updates installed cleanly. The launch of Remote Desktop Viewer did not go well. All I could get was a terminal connection, no X. Tried several times to no avail, restarting xrdp on the remote host. Checked the status of xrdp and saw errors logged even though it was running. The messages included "Listening socket in wrong state. Closing down listener. shutting down log subsystem" Too late to experiment just now, like rebooting both machines and restarting. Later.
CC: (none) => tarazed25
Still trying to figure out how all this works, set up an xrdp connection from another workstation to the former test machine. RDP login was successful but the new host chose Cinnamon which immediately crashed leaving an X window without a window manager. MageiaWelcome was on screen but not easily usable because most of it was off-screen. Had to reboot to disconnect. Back to the original test machine. Ran vinagre from the cli under strace and saw a vinagre error: [com.freerdp.core.transport] - transport_check_fds: transport->ReceiveCallback() - -4 and several Gtk warnings like: Drawing a gadget with negative dimensions. Did you forget to allocate a size? (node box owner ViewAutoDrawer) The window showed a black screen with no desktop. There was the usual untrusted pem certificate business - accepted the certificate but saw no login. Disconnected. vinagre said "GLib-CRITICAL **: Source ID 7506 was not found when attempting to remove it" The trace shows many references to freerdp and a couple to libfreerdp2. Not getting anywhere with this so I shall leave it to somebody with expert knowledge. ??
https://bugs.mageia.org/show_bug.cgi?id=13444 especially comments 5 & 8. https://bugs.mageia.org/show_bug.cgi?id=22921 April 2018 comments 7 & 8. Are Alan Richter & Mike Rambo still with us? If so, how can we solicit them? [@ both Davids]
CC: (none) => lewyssmith
(In reply to Lewis Smith from comment #5) > comments 7 & 8. Are Alan Richter & Mike Rambo still with us? If so, how can > we solicit them? [@ both Davids] By adding them in the CC field (which has autocomplete, just type their name).
CC: (none) => arichter, mrambo
I just tried the new RPMs: [arichter@lisa ~]$ rpm -qa | grep freerdp freerdp-2.0.0-0.rc4.1.mga6 lib64freerdp2-2.0.0-0.rc4.1.mga6 and connecting to a Win-10 system as well as a Win server 2008 both worked correctly. I invoked xfreerdp from the command line this way: xfreerdp /size:1920x1080 /d:<domainname> /u:<username> /v:<hostname> I did discover that xfreerdp was attempting to use the http_proxy and https_proxy environment variables which ultimately failed: [arichter@lisa ~]$ xfreerdp /size:1920x1080 /d:<domainname> /u:<user> /v:<hostname> [13:34:37:219] [6391:6392] [INFO][com.freerdp.client.common.cmdline] - loading channelEx cliprdr [13:34:37:231] [6391:6392] [INFO][com.freerdp.core.proxy] - Parsed proxy configuration: http://localhost:3128 [13:34:37:232] [6391:6392] [ERROR][com.freerdp.core.proxy] - HTTP proxy: failed to write CONNECT request [13:34:37:232] [6391:6392] [ERROR][com.freerdp.core.nego] - Protocol Security Negotiation Failure [13:34:37:232] [6391:6392] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_SECURITY_NEGO_CONNECT_FAILED [0x0002000C] [13:34:37:232] [6391:6392] [ERROR][com.freerdp.core.connection] - Error: protocol security negotiation or connection failure by unsetting these variables xfreerdp worked correctly (ie. "unset http_proxy https_proxy" As far as I can tell, from limited testing, freerdp-2.0.0-0.rc4.1 works fine under mga6, I can try mga7 tomorrow if you like.
Whiteboard: (none) => MGA6-64-OK
Tested the updated packages in a 32 bit mga6 VM against win10, server 2003, 2008 and 2012 (incl R2). This particular VM runs a Trinity desktop but that shouldn't matter. Tested the 64 bit package on my mga6 laptop (running plasma) against server 2003 and 2012R2. Alan already did win10 and server 2008 above. All tests were good on both 32 and 64 bit for me.
Whiteboard: MGA6-64-OK => MGA6-64-OK MGA6-32-OK
@Alan, @Mike No sooner said than done! Thank you both for flying this, really appreciated. People who know what they are doing with sort of thing - and have the appropriate infrastructure - are invaluable. Advisory from comment 2.
Keywords: (none) => advisory, validated_updateCC: (none) => sysadmin-bugs
Tests in MGA7 also indicate correct behaviour for server2008 and Win-10 enterprise. Thanks for getting us involved.
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0012.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
This update also fixed CVE-2018-1000852: http://lists.suse.com/pipermail/sle-security-updates/2019-January/005053.html https://bugzilla.suse.com/show_bug.cgi?id=1120507
(In reply to David Walser from comment #12) > This update also fixed CVE-2018-1000852: > http://lists.suse.com/pipermail/sle-security-updates/2019-January/005053.html > https://bugzilla.suse.com/show_bug.cgi?id=1120507 https://lists.opensuse.org/opensuse-updates/2019-01/msg00100.html