[3.9] freerdp: Multiple vulnerabilities (CVE-2018-8786, CVE-2018-8787, CVE-2018-8788, CVE-2018-8789) (#10056) · Issues · alpine / aports

[3.9] freerdp: Multiple vulnerabilities (CVE-2018-8786, CVE-2018-8787, CVE-2018-8788, CVE-2018-8789)

CVE-2018-8786: FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in
function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-8786

Patch:

https://github.com/FreeRDP/FreeRDP/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3

CVE-2018-8787: FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in
function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-8787

Patch:

https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a

CVE-2018-8788: FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in
function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-8788

Patch:

https://github.com/FreeRDP/FreeRDP/commit/d1112c279bd1a327e8e4d0b5f371458bf2579659

CVE-2018-8789: FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM
Authentication module that results in a Denial of Service (segfault).

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-8789

Patch:

https://github.com/FreeRDP/FreeRDP/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6

(from redmine: issue id 10056, created on 2019-03-05, closed on 2019-04-18)

Changesets:
- Revision 0711692c on 2019-04-17T13:12:48Z:

community/freerdp: security upgrade to 2.0.0_rc4

CVE-2018-8786, CVE-2018-8787, CVE-2018-8788, CVE-2018-8789

Fixes #10056

**CVE-2018-8786**: FreeRDP prior to version 2.0.0-rc4 contains an
Integer Truncation that leads to a Heap-Based Buffer Overflow in  
function update\_read\_bitmap\_update() and results in a memory
corruption and probably even a remote code execution.

### Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-8786

### Patch:

https://github.com/FreeRDP/FreeRDP/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3

**CVE-2018-8787**: FreeRDP prior to version 2.0.0-rc4 contains an
Integer Overflow that leads to a Heap-Based Buffer Overflow in  
function gdi\_Bitmap\_Decompress() and results in a memory corruption
and probably even a remote code execution.

### Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-8787

### Patch:

https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a

**CVE-2018-8788**: FreeRDP prior to version 2.0.0-rc4 contains an
Out-Of-Bounds Write of up to 4 bytes in  
function nsc\_rle\_decode() that results in a memory corruption and
possibly even a remote code execution.

### Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-8788

### Patch:

https://github.com/FreeRDP/FreeRDP/commit/d1112c279bd1a327e8e4d0b5f371458bf2579659

**CVE-2018-8789**: FreeRDP prior to version 2.0.0-rc4 contains several
Out-Of-Bounds Reads in the NTLM  
Authentication module that results in a Denial of Service (segfault).

### Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-8789

### Patch:

https://github.com/FreeRDP/FreeRDP/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6

*(from redmine: issue id 10056, created on 2019-03-05, closed on 2019-04-18)*

* Changesets:
  * Revision 0711692c669f13dd536c845cb15cb205c9e88d12 on 2019-04-17T13:12:48Z:

```
community/freerdp: security upgrade to 2.0.0_rc4

CVE-2018-8786, CVE-2018-8787, CVE-2018-8788, CVE-2018-8789

Fixes #10056
```

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information