{"schema_version":"1.7.2","id":"OESA-2021-1008","modified":"2021-02-04T11:02:33Z","published":"2021-02-04T11:02:33Z","upstream":["CVE-2020-11526","CVE-2020-11044","CVE-2020-11042","CVE-2020-11095","CVE-2020-11045","CVE-2020-11522","CVE-2020-11524","CVE-2020-11523","CVE-2020-11525","CVE-2020-11521","CVE-2019-17177"],"summary":"freerdp security update","details":"FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp and wlfreerdp.\\r\\n\\r\\n\r\nSecurity Fix(es):\\r\\n\\r\\n\r\nlibfreerdp/core/update.c in FreeRDP versions \u003e 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.(CVE-2020-11526)\\r\\n\\r\\n\r\nIn FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0.(CVE-2020-11044)\\r\\n\\r\\n\r\nIn FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -\u003e 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0.(CVE-2020-11042)\\r\\n\\r\\n\r\nIn FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.(CVE-2020-11095)\\r\\n\\r\\n\r\nIn FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. The result displayed on screen as colour.(CVE-2020-11045)\\r\\n\\r\\n\nlibfreerdp/gdi/gdi.c in FreeRDP \u003e 1.0 through 2.0.0-rc4 has an Out-of-bounds Read.(CVE-2020-11522)\\r\\n\\r\\n\nlibfreerdp/codec/interleaved.c in FreeRDP versions \u003e 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.(CVE-2020-11524)\\r\\n\\r\\n\nlibfreerdp/codec/planar.c in FreeRDP version \u003e 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.(CVE-2020-11521)\\r\\n\\r\\n\nlibfreerdp/cache/bitmap.c in FreeRDP versions \u003e 1.0 through 2.0.0-rc4 has an Out of bounds read.(CVE-2020-11525)\\r\\n\\r\\n\nlibfreerdp/codec/planar.c in FreeRDP version \u003e 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.(CVE-2020-11521)\\r\\n\\r\\n\nlibfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.(CVE-2019-17177)\\r\\n\\r\\n","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS","name":"freerdp","purl":"pkg:rpm/openEuler/freerdp\u0026distro=openEuler-20.03-LTS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.0-2.oe1"}]}],"ecosystem_specific":{"aarch64":["freerdp-debugsource-2.2.0-2.oe1.aarch64.rpm","libwinpr-2.2.0-2.oe1.aarch64.rpm","freerdp-help-2.2.0-2.oe1.aarch64.rpm","freerdp-debuginfo-2.2.0-2.oe1.aarch64.rpm","libwinpr-devel-2.2.0-2.oe1.aarch64.rpm","freerdp-2.2.0-2.oe1.aarch64.rpm","freerdp-devel-2.2.0-2.oe1.aarch64.rpm","freerdp-debugsource-2.2.0-2.oe1.aarch64.rpm","libwinpr-2.2.0-2.oe1.aarch64.rpm","freerdp-help-2.2.0-2.oe1.aarch64.rpm","freerdp-debuginfo-2.2.0-2.oe1.aarch64.rpm","libwinpr-devel-2.2.0-2.oe1.aarch64.rpm","freerdp-2.2.0-2.oe1.aarch64.rpm","freerdp-devel-2.2.0-2.oe1.aarch64.rpm"],"src":["freerdp-2.2.0-2.oe1.src.rpm","freerdp-2.2.0-2.oe1.src.rpm"],"x86_64":["libwinpr-2.2.0-2.oe1.x86_64.rpm","libwinpr-devel-2.2.0-2.oe1.x86_64.rpm","freerdp-devel-2.2.0-2.oe1.x86_64.rpm","freerdp-help-2.2.0-2.oe1.x86_64.rpm","freerdp-debuginfo-2.2.0-2.oe1.x86_64.rpm","freerdp-2.2.0-2.oe1.x86_64.rpm","freerdp-debugsource-2.2.0-2.oe1.x86_64.rpm","libwinpr-2.2.0-2.oe1.x86_64.rpm","libwinpr-devel-2.2.0-2.oe1.x86_64.rpm","freerdp-devel-2.2.0-2.oe1.x86_64.rpm","freerdp-help-2.2.0-2.oe1.x86_64.rpm","freerdp-debuginfo-2.2.0-2.oe1.x86_64.rpm","freerdp-2.2.0-2.oe1.x86_64.rpm","freerdp-debugsource-2.2.0-2.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"freerdp","purl":"pkg:rpm/openEuler/freerdp\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.2.0-2.oe1"}]}],"ecosystem_specific":{"aarch64":["freerdp-debugsource-2.2.0-2.oe1.aarch64.rpm","libwinpr-2.2.0-2.oe1.aarch64.rpm","freerdp-help-2.2.0-2.oe1.aarch64.rpm","freerdp-debuginfo-2.2.0-2.oe1.aarch64.rpm","libwinpr-devel-2.2.0-2.oe1.aarch64.rpm","freerdp-2.2.0-2.oe1.aarch64.rpm","freerdp-devel-2.2.0-2.oe1.aarch64.rpm"],"src":["freerdp-2.2.0-2.oe1.src.rpm"],"x86_64":["libwinpr-2.2.0-2.oe1.x86_64.rpm","libwinpr-devel-2.2.0-2.oe1.x86_64.rpm","freerdp-devel-2.2.0-2.oe1.x86_64.rpm","freerdp-help-2.2.0-2.oe1.x86_64.rpm","freerdp-debuginfo-2.2.0-2.oe1.x86_64.rpm","freerdp-2.2.0-2.oe1.x86_64.rpm","freerdp-debugsource-2.2.0-2.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1008"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11526"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11044"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11042"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11095"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11045"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11522"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11524"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11521"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11525"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11523"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17177"}],"database_specific":{"severity":"Medium"}}