Test ID: 1.3.6.1.4.1.25623.1.0.853320
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for freerdp (openSUSE-SU-2020:1090-1)
Summary: The remote host is missing an update for the 'freerdp' package(s) announced via the openSUSE-SU-2020:1090-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'freerdp'
package(s) announced via the openSUSE-SU-2020:1090-1 advisory.

Vulnerability Insight:
This update for freerdp fixes the following issues:

freerdp was updated to version 2.1.2 (bsc#1171441, bsc#1173247 and
jsc#ECO-2006):

- CVE-2020-11017: Fixed a double free which could have denied the server's
service.

- CVE-2020-11018: Fixed an out of bounds read which a malicious client
could have triggered.

- CVE-2020-11019: Fixed an issue which could have led to denial of service
if logger was set to 'WLOG_TRACE'.

- CVE-2020-11038: Fixed a buffer overflow when /video redirection was used.

- CVE-2020-11039: Fixed an issue which could have allowed arbitrary memory
read and write when USB redirection was enabled.

- CVE-2020-11040: Fixed an out of bounds data read in
clear_decompress_subcode_rlex.

- CVE-2020-11041: Fixed an issue with the configuration for sound backend
which could have led to server's denial of service.

- CVE-2020-11043: Fixed an out of bounds read in
rfx_process_message_tileset.

- CVE-2020-11085: Fixed an out of bounds read in cliprdr_read_format_list.

- CVE-2020-11086: Fixed an out of bounds read in
ntlm_read_ntlm_v2_client_challenge.

- CVE-2020-11087: Fixed an out of bounds read in
ntlm_read_AuthenticateMessage.

- CVE-2020-11088: Fixed an out of bounds read in
ntlm_read_NegotiateMessage.

- CVE-2020-11089: Fixed an out of bounds read in irp function family.

- CVE-2020-11095: Fixed a global out of bounds read in
update_recv_primary_order.

- CVE-2020-11096: Fixed a global out of bounds read in
update_read_cache_bitmap_v3_order.

- CVE-2020-11097: Fixed an out of bounds read in ntlm_av_pair_get.

- CVE-2020-11098: Fixed an out of bounds read in glyph_cache_put.

- CVE-2020-11099: Fixed an out of bounds read in
license_read_new_or_upgrade_license_packet.

- CVE-2020-11521: Fixed an out of bounds write in planar.c (bsc#1171443).

- CVE-2020-11522: Fixed an out of bounds read in gdi.c (bsc#1171444).

- CVE-2020-11523: Fixed an integer overflow in region.c (bsc#1171445).

- CVE-2020-11524: Fixed an out of bounds write in interleaved.c
(bsc#1171446).

- CVE-2020-11525: Fixed an out of bounds read in bitmap.c (bsc#1171447).

- CVE-2020-11526: Fixed an out of bounds read in
update_recv_secondary_order (bsc#1171674).

- CVE-2020-13396: Fixed an Read in ntlm_read_ChallengeMessage.

- CVE-2020-13397: Fixed an out of bounds read in security_fips_decrypt due
to uninitialized value.

- CVE-2020-13398: Fixed an out of bounds write in crypto_rsa_common.

- CVE-2020-4030: Fixed an out of bounds read in `TrioParse`.

- CVE-2020-4031: Fixed a use after free in gdi_SelectObject.

- CVE-2020-4032: Fixed an int ...

Description truncated. Please see the references for more information.

Affected Software/OS:
'freerdp' package(s) on openSUSE Leap 15.1.

Solution:
Please install the updated package(s).

CVSS Score:
6.5

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2020-4030
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/
http://www.freerdp.com/2020/06/22/2_1_2-released
https://github.com/FreeRDP/FreeRDP/commit/05cd9ea2290d23931f615c1b004d4b2e69074e27
SuSE Security Announcement: openSUSE-SU-2020:1090
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
https://usn.ubuntu.com/4481-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-4031
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g
https://github.com/FreeRDP/FreeRDP/commit/6d86e20e1e7caaab4f0c7f89e36d32914dbccc52
Common Vulnerability Exposure (CVE) ID: CVE-2020-4032
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc
https://github.com/FreeRDP/FreeRDP/commit/e7bffa64ef5ed70bac94f823e2b95262642f5296
Common Vulnerability Exposure (CVE) ID: CVE-2020-4033
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8
https://github.com/FreeRDP/FreeRDP/commit/0a98c450c58ec150e44781c89aa6f8e7e0f571f5
Copyright: Copyright (C) 2020 Greenbone Networks GmbH