1173247 – (CVE-2020-4030) VUL-0: CVE-2020-4030,CVE-2020-4031,CVE-2020-4032,CVE-2020-4033,CVE-2020-11095,CVE-2020-11096,CVE-2020-11097,CVE-2020-11098,CVE-2020-11099: freerdp: vulnerabilities fixed with 2.1.2

Bug 1173247 (CVE-2020-4030) - VUL-0: CVE-2020-4030,CVE-2020-4031,CVE-2020-4032,CVE-2020-4033,CVE-2020-11095,CVE-2020-11096,CVE-2020-11097,CVE-2020-11098,CVE-2020-11099: freerdp: vulnerabilities fixed with 2.1.2

Summary: VUL-0: CVE-2020-4030,CVE-2020-4031,CVE-2020-4032,CVE-2020-4033,CVE-2020-11095...

Status:	RESOLVED FIXED

Alias:	CVE-2020-4030

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	unspecified
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/262165/
Whiteboard:	CVSSv3.1:SUSE:CVE-2020-11095:5.4:(AV:...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2020-06-23 05:50 UTC by Johannes Weberhofer
Modified:	2024-06-26 10:31 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Weberhofer 2020-06-23 05:50:03 UTC

Please update to the latest freerdp version 2.1.2 which I have just pushed to factory
  * CVE-2020-4033 Out of bound read in RLEDECOMPRESS
  * CVE-2020-4031 Use-After-Free in gdi_SelectObject
  * CVE-2020-4032 Integer casting vulnerability in `update_recv_secondary_order`
  * CVE-2020-4030 OOB read in `TrioParse`
  * CVE-2020-11099 OOB Read in license_read_new_or_upgrade_license_packet
  * CVE-2020-11098 Out-of-bound read in glyph_cache_put
  * CVE-2020-11097 OOB read in ntlm_av_pair_get
  * CVE-2020-11095 Global OOB read in update_recv_primary_order
  * CVE-2020-11096 Global OOB read in update_read_cache_bitmap_v3_order
  * Gateway RPC fixes for windows
  * Fixed resource fee race resulting in double free in USB redirection
  * Fixed wayland client crashes
  * Fixed X11 client mouse mapping issues (X11 mapping on/off)
  * Some proxy related improvements (capture module)
  * Code cleanup (use getlogin_r, ...)

Comment 4 QK ZHU 2020-07-02 03:33:51 UTC

Requests accepted.

Comment 5 QK ZHU 2020-07-02 03:42:15 UTC

Reopened and assign to the security team, Thanks.

Comment 10 Swamp Workflow Management 2020-07-23 19:14:31 UTC

SUSE-SU-2020:2032-1: An update that fixes 31 vulnerabilities is now available.

Category: security (important)
Bug References: 1169679,1169748,1171441,1171443,1171444,1171445,1171446,1171447,1171474,1173247,1173605,1174200
CVE References: CVE-2020-11017,CVE-2020-11018,CVE-2020-11019,CVE-2020-11038,CVE-2020-11039,CVE-2020-11040,CVE-2020-11041,CVE-2020-11043,CVE-2020-11085,CVE-2020-11086,CVE-2020-11087,CVE-2020-11088,CVE-2020-11089,CVE-2020-11095,CVE-2020-11096,CVE-2020-11097,CVE-2020-11098,CVE-2020-11099,CVE-2020-11521,CVE-2020-11522,CVE-2020-11523,CVE-2020-11524,CVE-2020-11525,CVE-2020-11526,CVE-2020-13396,CVE-2020-13397,CVE-2020-13398,CVE-2020-4030,CVE-2020-4031,CVE-2020-4032,CVE-2020-4033
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    freerdp-2.1.2-10.15.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 11 Swamp Workflow Management 2020-07-26 22:13:36 UTC

openSUSE-SU-2020:1090-1: An update that fixes 31 vulnerabilities is now available.

Category: security (important)
Bug References: 1169679,1169748,1171441,1171443,1171444,1171445,1171446,1171447,1171474,1173247,1173605,1174200
CVE References: CVE-2020-11017,CVE-2020-11018,CVE-2020-11019,CVE-2020-11038,CVE-2020-11039,CVE-2020-11040,CVE-2020-11041,CVE-2020-11043,CVE-2020-11085,CVE-2020-11086,CVE-2020-11087,CVE-2020-11088,CVE-2020-11089,CVE-2020-11095,CVE-2020-11096,CVE-2020-11097,CVE-2020-11098,CVE-2020-11099,CVE-2020-11521,CVE-2020-11522,CVE-2020-11523,CVE-2020-11524,CVE-2020-11525,CVE-2020-11526,CVE-2020-13396,CVE-2020-13397,CVE-2020-13398,CVE-2020-4030,CVE-2020-4031,CVE-2020-4032,CVE-2020-4033
Sources used:
openSUSE Leap 15.1 (src):    freerdp-2.1.2-lp151.5.6.1

Comment 12 Swamp Workflow Management 2020-07-29 13:14:23 UTC

SUSE-SU-2020:2068-1: An update that fixes 31 vulnerabilities is now available.

Category: security (important)
Bug References: 1169679,1169748,1171441,1171443,1171444,1171445,1171446,1171447,1171474,1173247,1173605,1174200
CVE References: CVE-2020-11017,CVE-2020-11018,CVE-2020-11019,CVE-2020-11038,CVE-2020-11039,CVE-2020-11040,CVE-2020-11041,CVE-2020-11043,CVE-2020-11085,CVE-2020-11086,CVE-2020-11087,CVE-2020-11088,CVE-2020-11089,CVE-2020-11095,CVE-2020-11096,CVE-2020-11097,CVE-2020-11098,CVE-2020-11099,CVE-2020-11521,CVE-2020-11522,CVE-2020-11523,CVE-2020-11524,CVE-2020-11525,CVE-2020-11526,CVE-2020-13396,CVE-2020-13397,CVE-2020-13398,CVE-2020-4030,CVE-2020-4031,CVE-2020-4032,CVE-2020-4033
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    freerdp-2.1.2-15.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 14 Swamp Workflow Management 2020-08-18 19:17:53 UTC

SUSE-SU-2020:2272-1: An update that fixes 46 vulnerabilities is now available.

Category: security (important)
Bug References: 1004108,1050699,1050704,1050708,1050711,1050712,1050714,1085416,1087240,1090677,1103557,1104918,1112028,1116708,1117963,1117964,1117965,1117966,1117967,1120507,1129193,1169679,1169748,1171441,1171443,1171444,1171445,1171446,1171447,1171674,1173247,1173605,1174200,1174321
CVE References: CVE-2017-2834,CVE-2017-2835,CVE-2017-2836,CVE-2017-2837,CVE-2017-2838,CVE-2017-2839,CVE-2018-0886,CVE-2018-1000852,CVE-2018-8784,CVE-2018-8785,CVE-2018-8786,CVE-2018-8787,CVE-2018-8788,CVE-2018-8789,CVE-2020-11017,CVE-2020-11018,CVE-2020-11019,CVE-2020-11038,CVE-2020-11039,CVE-2020-11040,CVE-2020-11041,CVE-2020-11043,CVE-2020-11085,CVE-2020-11086,CVE-2020-11087,CVE-2020-11088,CVE-2020-11089,CVE-2020-11095,CVE-2020-11096,CVE-2020-11097,CVE-2020-11098,CVE-2020-11099,CVE-2020-11521,CVE-2020-11522,CVE-2020-11523,CVE-2020-11524,CVE-2020-11525,CVE-2020-11526,CVE-2020-13396,CVE-2020-13397,CVE-2020-13398,CVE-2020-15103,CVE-2020-4030,CVE-2020-4031,CVE-2020-4032,CVE-2020-4033
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    freerdp-2.1.2-12.20.1, vinagre-3.20.2-16.3.3
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    freerdp-2.1.2-12.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Comment 15 Alexandros Toptsoglou 2020-08-27 13:45:34 UTC

Done