freerdp-2.2.0-1.el8

Errata ID: AXSA:2021-2116:01

Release date: Wednesday, June 30, 2021 - 10:36
Subject: freerdp-2.2.0-1.el8
Affected Channels: Asianux Server 8 for x86_64
Severity: Moderate
Description: 

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

The following packages have been upgraded to a later upstream version: freerdp (2.2.0).

Security Fix(es):

* freerdp: out of bounds read in TrioParse (CVE-2020-4030)
* freerdp: out of bound reads resulting in accessing memory location outside of static array PRIMARY_DRAWING_ORDER_FIELD_BYTES (CVE-2020-11095)
* freerdp: out of bounds read in PRIMARY_DRAWING_ORDER_FIELD_BYTES (CVE-2020-11097)
* freerdp: out of bounds read in license_read_new_or_upgrade_license_packet (CVE-2020-11099)
* freerdp: integer overflow due to missing input sanitation in rdpegfx channel (CVE-2020-15103)
* freerdp: out-of-bounds read in RLEDECOMPRESS (CVE-2020-4033)
* freerdp: out-of-bound read in update_read_cache_bitmap_v3_order (CVE-2020-11096)
* freerdp: out-of-bound read in glyph_cache_put (CVE-2020-11098)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-11095
In FreeRDP before version 2.1.2, an out of bounds read occurs, resulting in access to a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.
CVE-2020-11096
In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). This is fixed in version 2.1.2.
CVE-2020-11097
In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.
CVE-2020-11098
In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. This affects all FreeRDP clients with the `+glyph-cache` option enabled. This is fixed in version 2.1.2.
CVE-2020-11099
In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2.
CVE-2020-15103
In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in the rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and are blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`). This has been fixed in 2.2.0. As a workaround, stop using the command line arguments /gfx, /gfx-h264 and /network:auto.
CVE-2020-4030
In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2.
CVE-2020-4033
In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2.
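
The class of check whose absence CVE-2020-15103 describes, as an added example that is not FreeRDP's code or its actual fix: a server-supplied rectangle is validated against the local surface, and the copy length is computed without wrapping, before any `memcpy` runs. The types `rect16` and `surface`, the functions, the 32-bit pixel format and the 8x8 test surface are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical types for illustration; these are not FreeRDP's structures. */
typedef struct { uint16_t left, top, right, bottom; } rect16; /* right/bottom exclusive */
typedef struct { uint32_t width, height, stride; uint8_t *data; } surface;

#define BPP 4u /* assumption: 32-bit pixels, stride given in bytes */

/* Returns 1 only if r is non-empty and lies fully inside the surface. */
static int rect_in_surface(const surface *s, const rect16 *r)
{
    if (r->left >= r->right || r->top >= r->bottom)
        return 0; /* empty or inverted: width/height would wrap when cast */
    return r->right <= s->width && r->bottom <= s->height;
}

/* Copies tightly packed pixels for r from src into s; -1 means rejected. */
static int copy_rect(surface *s, const rect16 *r, const uint8_t *src, size_t src_len)
{
    if (!rect_in_surface(s, r) || s->stride < (size_t)s->width * BPP)
        return -1;
    size_t row = (size_t)(r->right - r->left) * BPP; /* bytes per row, > 0 */
    size_t rows = (size_t)(r->bottom - r->top);
    if (rows > SIZE_MAX / row || src_len < rows * row)
        return -1; /* length would overflow or source is too short */
    for (size_t y = 0; y < rows; y++)
        memcpy(s->data + (r->top + y) * (size_t)s->stride + (size_t)r->left * BPP,
               src + y * row, row);
    return 0;
}

/* Constructed test harness: 8x8 surface, source buffer sized for 8x8 pixels. */
static int try_rect(uint16_t l, uint16_t t, uint16_t r, uint16_t b)
{
    static uint8_t pixels[8 * 8 * BPP], src[8 * 8 * BPP];
    surface s = { 8, 8, 8 * BPP, pixels };
    rect16 rc = { l, t, r, b };
    return copy_rect(&s, &rc, src, sizeof src);
}

int main(void)
{
    printf("%d %d %d\n", try_rect(0, 0, 8, 8), try_rect(4, 4, 9, 8), try_rect(6, 0, 2, 4));
    return 0;
}
```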

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. freerdp-2.2.0-1.el8.src.rpm
    MD5: 95c4566cdbb85cb7bebf49186b3f7589
    SHA-256: 0dac744621b29fda685dc6ccf1f91b1b087d101b64db0a0e52749c1f615fed24
    Size: 6.53 MB

Asianux Server 8 for x86_64
  1. freerdp-2.2.0-1.el8.x86_64.rpm
    MD5: 633033e8a216148e3b66c6ea2e690ccd
    SHA-256: af712f1c2235b471f6f429861023f1fe557762c93adcccc13079b3eb132e2f1b
    Size: 111.22 kB
  2. freerdp-libs-2.2.0-1.el8.x86_64.rpm
    MD5: befb2fda1f0363d7ad36e0f79cef6c10
    SHA-256: 581433254b7783f414fd8b686b4940f6cf8dc07814c0a5fd128dd846411c7276
    Size: 884.08 kB
  3. libwinpr-2.2.0-1.el8.x86_64.rpm
    MD5: 9f81584ba69dcb618d9d167aa2b801fe
    SHA-256: 760c4f2b7321bbd69644ef34799deb5a7e0af7fdeef32b29269e7b92faf748c3
    Size: 355.65 kB
  4. libwinpr-devel-2.2.0-1.el8.x86_64.rpm
    MD5: 9ddbaf06a4a0233b4765bb8b18dc3838
    SHA-256: 68696ae083515f0f9a28319a157bcadcece918db08133b0af1d44d92f285d9be
    Size: 171.46 kB
  5. freerdp-libs-2.2.0-1.el8.i686.rpm
    MD5: 64c5757c2dac034063a63c1aabbe6969
    SHA-256: 6541ca22e8d10e961caeff05d8a73215275431605331cf6791d4cc7462accda7
    Size: 835.11 kB
  6. libwinpr-2.2.0-1.el8.i686.rpm
    MD5: f7cc5d2dd47f3eb940e7907cdd27c642
    SHA-256: e7410bd58b4871c01fbcaa09f175e7504cf23bccf0b8290ab3ea4103ef9d9349
    Size: 341.89 kB
  7. libwinpr-devel-2.2.0-1.el8.i686.rpm
    MD5: 0c6955bc3be993fedae7aebcecefdd95
    SHA-256: 9c84d616a28ac2c3fedd63205f24cd44f7649d799785f001d2dfcbfaa45b2ab1
    Size: 171.47 kB