UbuntuUpdates.org

Package "freerdp2"

Name: freerdp2

Description:

This package is just an umbrella for a group of other packages; it has no description of its own.
Description samples from packages in group:

  • Free Remote Desktop Protocol library (development files)
  • Free Remote Desktop Protocol library (client library)
  • Free Remote Desktop Protocol library (server library)
  • FreeRDP Remote Desktop Protocol shadow subsystem libraries

Latest version: 2.1.1+dfsg1-0ubuntu0.18.04.1
Release: bionic (18.04)
Level: security
Repository: main

Other versions of "freerdp2" in Bionic

Repository  Area      Version
base        main      2.0.0~git20170725.1.1648deb+dfsg1-7
base        universe  2.0.0~git20170725.1.1648deb+dfsg1-7
security    universe  2.1.1+dfsg1-0ubuntu0.18.04.1
updates     main      2.1.1+dfsg1-0ubuntu0.18.04.1
updates     universe  2.1.1+dfsg1-0ubuntu0.18.04.1

Changelog

Version: 2.1.1+dfsg1-0ubuntu0.18.04.1 2020-06-01 19:07:25 UTC

  freerdp2 (2.1.1+dfsg1-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * Updated to 2.1.1 to fix multiple security issues.
    - debian/patches/*.patch: removed, no longer needed with new version.
    - debian/patches/1001_spelling-fixes.patch: fix spelling mistake.
    - debian/rules: set WITH_PROXY=OFF for now.
    - debian/control: added libcairo2-dev to Build-Depends.
    - debian/rules: set WITH_CAIRO=ON.
    - debian/control: added libicu-dev to Build-Depends.
    - debian/rules: set WITH_ICU=ON.
    - debian/*symbols: updated for new version.
    - CVE-2019-17177, CVE-2020-11042, CVE-2020-11044, CVE-2020-11045,
      CVE-2020-11046, CVE-2020-11047, CVE-2020-11048, CVE-2020-11049,
      CVE-2020-11058, CVE-2020-11521, CVE-2020-11522, CVE-2020-11523,
      CVE-2020-11524, CVE-2020-11525, CVE-2020-11526, CVE-2020-13396,
      CVE-2020-13397, CVE-2020-13398, CVE-2018-1000852

 -- Marc Deslauriers <email address hidden> Tue, 26 May 2020 13:03:15 -0400

CVE-2019-17177 libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first arg
CVE-2020-11042 In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading an attacker-defined amount of
CVE-2020-11044 In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data fro
CVE-2020-11045 In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in update_read_bitmap_data that allows client memory to be read to an image b
CVE-2020-11046 In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read.
CVE-2020-11047 In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up
CVE-2020-11048 In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has be
CVE-2020-11049 In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been pa
CVE-2020-11058 In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a res
CVE-2020-11521 libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.
CVE-2020-11522 libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read.
CVE-2020-11523 libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow.
CVE-2020-11524 libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.
CVE-2020-11525 libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read.
CVE-2020-11526 libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.
CVE-2020-13396 An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/l
CVE-2020-13397 An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/c
CVE-2020-13398 An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/cryp
CVE-2018-1000852 FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/

Version: 2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1 2018-12-12 12:07:09 UTC

  freerdp2 (2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Heap based buffer overflow in zgfx_decompress_segment
    - debian/patches/CVE-2018-8784.patch: Add checks to ensure not to overflow output
      buffer in libfreerdp/codec/zgfx.c. Based on upstream patch.
    - CVE-2018-8784
  * SECURITY UPDATE: Heap based buffer overflow in zgfx_decompress
    - debian/patches/CVE-2018-8785.patch: Add checks to ensure not to overflow output
      buffer in libfreerdp/codec/zgfx.c. Based on upstream patch.
    - CVE-2018-8785
  * SECURITY UPDATE: Integer truncation in update_read_bitmap_update
    - debian/patches/CVE-2018-8786.patch: Promote count to 32-bit integer
      type to avoid integer truncation in libfreerdp/core/update.c. Based on
      upstream patch.
    - CVE-2018-8786
  * SECURITY UPDATE: Integer overflow in gdi_Bitmap_Decompress
    - debian/patches/CVE-2018-8787.patch: Check for and avoid possible
      integer overflow in libfreerdp/gdi/graphics.c. Based on upstream
      patch.
    - CVE-2018-8787
  * SECURITY UPDATE: Buffer overflow in nsc_rle_decode
    - debian/patches/CVE-2018-8788.patch: Check for lengths and avoid
      possible buffer overflow in libfreerdp/codec/nsc.c and
      libfreerdp/codec/nsc_encode.c. Based on upstream patch.
    - CVE-2018-8788
  * SECURITY UPDATE: Out-of-bounds read in ntlm_read_message_fields_buffer
    - debian/patches/CVE-2018-8789.patch: Ensure to use 64-bit integer
      type when checking offset against stream length in
      winpr/libwinpr/sspi/NTLM/ntlm_message.c. Based on upstream patch.
    - CVE-2018-8789

 -- Alex Murray <email address hidden> Mon, 10 Dec 2018 13:50:31 +1030

CVE-2018-8784 FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption an
CVE-2018-8785 FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probab
CVE-2018-8786 FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update()
CVE-2018-8787 FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and re
CVE-2018-8788 FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption
CVE-2018-8789 FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfau


