OVAL

CESA-2020:4031 -- centos 7 freerdp

ID: oval:org.secpod.oval:def:205649
Date: (C)2020-10-28   (M)2023-12-20
Class: PATCH
Family: unix




FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

The following packages have been upgraded to a later upstream version: freerdp.

Security Fix:
* freerdp: Out of bound read in cliprdr_server_receive_capabilities
* freerdp: Out of bound read/write in usb redirection channel
* freerdp: out-of-bounds read in update_read_icon_info function
* freerdp: out-of-bounds read in autodetect_recv_bandwidth_measure_results function
* freerdp: Out-of-bounds read in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.
* freerdp: Out-of-bounds read in security_fips_decrypt in libfreerdp/core/security.c
* freerdp: Out of bound read in update_recv could result in a crash
* freerdp: Integer overflow in VIDEO channel
* freerdp: Out of bound access in clear_decompress_subcode_rlex
* freerdp: Unchecked read of array offset in rdpsnd_recv_wave2_pdu
* freerdp: out of bound read in rfx_process_message_tileset
* freerdp: double free in update_read_cache_bitmap_v3_order function
* freerdp: out of bounds read in update_read_bitmap_data function
* freerdp: out of bounds seek in update_read_synchronize function could lead out of bounds read
* freerdp: out-of-bounds read could result in aborting the session
* freerdp: out-of-bound read of client memory that is then passed on to the protocol parser
* freerdp: stream out-of-bounds seek in rdp_read_font_capability_set could lead to out-of-bounds read
* freerdp: out-of-bounds read in cliprdr_read_format_list function
* freerdp: out-of-bounds read in ntlm_read_ntlm_v2_client_challenge function
* freerdp: out-of-bounds read in ntlm_read_AuthenticateMessage
* freerdp: out-of-bounds read in ntlm_read_NegotiateMessage
* freerdp: out-of-bounds read in irp functions
* freerdp: out-of-bounds read in gdi.c
* freerdp: out-of-bounds read in bitmap.c
* freerdp: Stream pointer out of bounds in update_recv_secondary_order could lead out of bounds read later

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.

Platform:
CentOS 7
Product:
freerdp
Reference:
CESA-2020:4031
CVE-2020-11018
CVE-2020-11019
CVE-2020-11038
CVE-2020-11039
CVE-2020-11040
CVE-2020-11041
CVE-2020-11042
CVE-2020-11043
CVE-2020-11044
CVE-2020-11045
CVE-2020-11046
CVE-2020-11047
CVE-2020-11048
CVE-2020-11049
CVE-2020-11058
CVE-2020-11085
CVE-2020-11086
CVE-2020-11087
CVE-2020-11088
CVE-2020-11089
CVE-2020-11522
CVE-2020-11525
CVE-2020-11526
CVE-2020-13396
CVE-2020-13397
CPE (3):
cpe:/a:freerdp:freerdp
cpe:/o:centos:centos:7
cpe:/a:freerdp:freerdp:2.0.0:-

© SecPod Technologies