Gentoo FoundationMGASA-2020-0297Updated freerdp/remmina packages fix security vulnerability
8.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.02 Low
EPSS
Percentile
88.7%
It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly exeucte arbitrary code. The freerdp package has been updated to version 2.1.2 to fix these issues. Also, the remmina package has been updated to version 1.4.7 for compatibility with the updated freerdp.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 7 | noarch | freerdp | < 2.1.2-1 | freerdp-2.1.2-1.mga7 |
| Mageia | 7 | noarch | remmina | < 1.4.7-1 | remmina-1.4.7-1.mga7 |
References
bugs.mageia.org/show_bug.cgi?id=26699
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfw
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x4wq-m7c9-rjgr
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp
gitlab.com/Remmina/Remmina/-/releases#v1.4.7
lists.fedoraproject.org/archives/list/[email protected]/thread/6RTM4HR3PBFF5X7XHCOS5MIHPKSDEYCX/
lists.fedoraproject.org/archives/list/[email protected]/thread/IGSY4CEBOH6TVJLIW53YL7YDGHY3RMPU/
ubuntu.com/security/notices/USN-4379-1
Related
8.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.02 Low
EPSS
Percentile
88.7%