Advisories » MGASA-2017-0243

Updated freerdp packages fix security vulnerabilities

Publication date: 03 Aug 2017
Type: security
Affected Mageia releases : 6
CVE: CVE-2017-2834 , CVE-2017-2835 , CVE-2017-2836 , CVE-2017-2837 , CVE-2017-2838 , CVE-2017-2839

Description

An exploitable code execution vulnerability exists in the authentication
functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server
response can cause an out-of-bounds write resulting in an exploitable
condition. An attacker can compromise the server or use a man in the middle
attack to trigger this vulnerability (CVE-2017-2834).

An exploitable code execution vulnerability exists in the RDP receive
functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server
response can cause an out-of-bounds write resulting in an exploitable
condition. An attacker can compromise the server or use a man in the middle to
trigger this vulnerability (CVE-2017-2835).

An exploitable denial of service vulnerability exists within the reading of
proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially
crafted challenge packet can cause the program termination leading to a denial
of service condition. An attacker can compromise the server or use man in the
middle to trigger this vulnerability (CVE-2017-2836).

An exploitable denial of service vulnerability exists within the handling of
security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge
packet can cause the program termination leading to a denial of service
condition. An attacker can compromise the server or use man in the middle to
trigger this vulnerability (CVE-2017-2837).

An exploitable denial of service vulnerability exists within the handling of
challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted
challenge packet can cause the program termination leading to a denial of
service condition. An attacker can compromise the server or use man in the
middle to trigger this vulnerability (CVE-2017-2838, CVE-2017-2839).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21427
• https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0336
• https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0337
• https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0338
• https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0339
• https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0340
• https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0341
• http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JNO6AUPEMWZQNGI7PEVPRUZD3OFNCQ4R/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2834
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2835
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2836
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2837
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2838
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2839

SRPMS

6/core

• freerdp-2.0.0-0.rc0.1.mga6
• remmina-1.2.0-0.rcgit.19.1.mga6
• vinagre-3.22.0-3.1.mga6