Univention Bugzilla – Bug 51928
freerdp: Multiple issues (4.4)
Last modified: 2020-09-02 11:40:06 CEST
New Debian freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4 fixes: This update addresses the following issues: * integer overflow in heap allocation in license_read_scope_list() (CVE-2014-0791) * out-of-bounds read in update_read_icon_info function (CVE-2020-11042) * out of bounds read in update_read_bitmap_data function (CVE-2020-11045) * out of bounds seek in update_read_synchronize function could lead out of bounds read (CVE-2020-11046) * out-of-bounds read could result in aborting the session (CVE-2020-11048) * stream out-of-bounds seek in rdp_read_font_capability_set could lead to out-of-bounds read (CVE-2020-11058) * Out-of-bounds write in planar.c (CVE-2020-11521) * out-of-bounds read in gdi.c (CVE-2020-11522) * Integer overflow in region.c (CVE-2020-11523) * out-of-bounds read in bitmap.c (CVE-2020-11525) * Stream pointer out of bounds in update_recv_secondary_order could lead out of bounds read later (CVE-2020-11526) * Out-of-bounds read in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. (CVE-2020-13396) * Out-of-bounds read in security_fips_decrypt in libfreerdp/core/security.c (CVE-2020-13397) * Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)
--- mirror/ftp/4.4/unmaintained/4.4-0/source/freerdp_1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3.dsc +++ apt/ucs_4.4-0-errata4.4-5/source/freerdp_1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4.dsc @@ -1,3 +1,30 @@ +1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4 [Sun, 30 Aug 2020 00:12:05 +0200] Mike Gabriel <sunweaver@debian.org>: + + * CVE-2014-0791: libfreerdp/core/license.c: the remaining length in the stream + is checked before doing some malloc(). + * CVE-2020-11042: libfreerdp/core/window.c: Check length in + update_read_icon_info. + * CVE-2020-11045: libfreerdp/core/update.c: Bounds checks in + update_read_bitmap_data. + * CVE-2020-11046: libfreerdp/core/update.c: Bounds checks in + update_read_synchronize. + * CVE-2020-11048: libfreerdp/core/rdp.c: rdp_read_share_control_header. + * CVE-2020-11058: libfreerdp/core/capabilities.c: Bounds check in + rdp_read_font_capability_set. + * CVE-2020-11521: libfreerdp/core/orders.c: Out of bounds write in planar + codec. + * CVE-2020-11522: libfreerdp/core/orders.c: Limit number of DELTA_RECT to + 45. + * CVE-2020-11523: libfreerdp/gdi/region.c: clamp invalid rectangles to size 0. + * CVE-2020-11525: libfreerdp/cache/bitmap.c: Out of bounds read in + bitmap_cache_new. + * CVE-2020-11526: libfreerdp/core/orders.c: Out of bounds read in + update_recv_orders. + * CVE-2020-13396: winpr/libwinpr/sspi/NTLM/ntlm_message.c: oob read in + ntlm_read_ChallengeMessage. + * CVE-2020-13397: libfreerdp/core/security.c: Missing NULL check. + * CVE-2020-13398: libfreerdp/crypto/crypto.c: heap overflow. + 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u3 [Thu, 10 Jan 2019 16:07:19 +0100] Mike Gabriel <sunweaver@debian.org>: * debian/patches: Add security patches. <http://10.200.17.11/4.4-5/#2868217023976865669>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-5] 51bf1cc4cf Bug #51928: freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4 doc/errata/staging/freerdp.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) [4.4-5] 1c23938b0a Bug #51928: freerdp 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4 doc/errata/staging/freerdp.yaml | 45 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x729>