Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
aports
aports
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 647
    • Issues 647
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Merge Requests 166
    • Merge Requests 166
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Operations
    • Operations
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Repository
    • Value Stream
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • alpine
  • aportsaports
  • Issues
  • #10056

Closed
Open
Opened Mar 05, 2019 by Alicha CH@alichaReporter
  • Report abuse
  • New issue
Report abuse New issue

[3.9] freerdp: Multiple vulnerabilities (CVE-2018-8786, CVE-2018-8787, CVE-2018-8788, CVE-2018-8789)

CVE-2018-8786: FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in
function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-8786

Patch:

https://github.com/FreeRDP/FreeRDP/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3

CVE-2018-8787: FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in
function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-8787

Patch:

https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a

CVE-2018-8788: FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in
function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-8788

Patch:

https://github.com/FreeRDP/FreeRDP/commit/d1112c279bd1a327e8e4d0b5f371458bf2579659

CVE-2018-8789: FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM
Authentication module that results in a Denial of Service (segfault).

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-8789

Patch:

https://github.com/FreeRDP/FreeRDP/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6

(from redmine: issue id 10056, created on 2019-03-05, closed on 2019-04-18)

  • Changesets:
    • Revision 0711692c on 2019-04-17T13:12:48Z:
community/freerdp: security upgrade to 2.0.0_rc4

CVE-2018-8786, CVE-2018-8787, CVE-2018-8788, CVE-2018-8789

Fixes #10056
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information
Assignee
Assign to
3.9.4
Milestone
3.9.4 (Past due)
Assign milestone
Time tracking
None
Due date
None
3
Labels
Normal tag:security type:bug
Assign labels
  • View project labels
Reference: alpine/aports#10056