-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2979
                          freerdp security update
                              31 August 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           freerdp
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account      
                   Denial of Service               -- Remote/Unauthenticated
                   Access Confidential Data        -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-13398 CVE-2020-13397 CVE-2020-13396
                   CVE-2020-11526 CVE-2020-11525 CVE-2020-11523
                   CVE-2020-11522 CVE-2020-11521 CVE-2020-11058
                   CVE-2020-11048 CVE-2020-11046 CVE-2020-11045
                   CVE-2020-11042 CVE-2020-1339 CVE-2020-1152
                   CVE-2014-0791  

Reference:         ASB-2020.0140
                   ESB-2020.2847
                   ESB-2020.2611
                   ESB-2020.2527
                   ESB-2020.1986

Original Bulletin: 
   https://www.debian.org/lts/security/2020/dla-2356

- --------------------------BEGIN INCLUDED TEXT--------------------

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2356-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Mike Gabriel
August 30, 2020                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : freerdp
Version        : 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4
CVE ID         : CVE-2014-0791 CVE-2020-11042 CVE-2020-11045 CVE-2020-11046
                 CVE-2020-11048 CVE-2020-11058 CVE-2020-11521 CVE-2020-11522
                 CVE-2020-11523 CVE-2020-11525 CVE-2020-11526 CVE-2020-13396
                 CVE-2020-13397 CVE-2020-13398

Several vulnerabilities have been reported against FreeRDP, an Open Source
server and client implementation of the Microsoft RDP protocol.

CVE-2014-0791

    An integer overflow in the license_read_scope_list function in
    libfreerdp/core/license.c in FreeRDP allowed remote RDP
    servers to cause a denial of service (application crash) or possibly
    have unspecified other impact via a large ScopeCount value in a Scope
    List in a Server License Request packet.

CVE-2020-11042

    In FreeRDP there was an out-of-bounds read in update_read_icon_info.
    It allowed reading an attacker-defined amount of client memory (32bit
    unsigned -> 4GB) to an intermediate buffer. This could have been used
    to crash the client or store information for later retrieval.

CVE-2020-11045

    In FreeRDP there was an out-of-bounds read in
    update_read_bitmap_data that allowed client memory to be read to an
    image buffer. The result displayed on screen as colour.

CVE-2020-11046

    In FreeRDP there was a stream out-of-bounds seek in
    update_read_synchronize that could have led to a later out-of-bounds
    read.

CVE-2020-11048

    In FreeRDP there was an out-of-bounds read. It only allowed to abort
    a session. No data extraction was possible.

CVE-2020-11058

    In FreeRDP, a stream out-of-bounds seek in
    rdp_read_font_capability_set could have led to a later out-of-bounds
    read. As a result, a manipulated client or server might have forced a
    disconnect due to an invalid data read.

CVE-2020-11521

    libfreerdp/codec/planar.c in FreeRDP had an Out-of-bounds Write.

CVE-2020-11522

    libfreerdp/gdi/gdi.c in FreeRDP had an Out-of-bounds Read.

CVE-2020-11523

    libfreerdp/gdi/region.c in FreeRDP had an Integer Overflow.

CVE-2020-11525

    libfreerdp/cache/bitmap.c in FreeRDP had an Out of bounds read.

CVE-2020-11526

    libfreerdp/core/update.c in FreeRDP had an Out-of-bounds Read.

CVE-2020-13396

    An out-of-bounds (OOB) read vulnerability has been detected in
    ntlm_read_ChallengeMessage in
    winpr/libwinpr/sspi/NTLM/ntlm_message.c.

CVE-2020-13397

    An out-of-bounds (OOB) read vulnerability has been detected in
    security_fips_decrypt in libfreerdp/core/security.c due to an
    uninitialized value.

CVE-2020-13398

    An out-of-bounds (OOB) write vulnerability has been detected in
    crypto_rsa_common in libfreerdp/crypto/crypto.c.

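Most of the issues above come down to two parser defects: a count or length taken from the peer's packet is trusted before checking that the stream actually holds that much data (the out-of-bounds reads and seeks), or is fed into arithmetic that can wrap (the ScopeCount integer overflow of CVE-2014-0791). The C program below is an added example, not FreeRDP code and not part of this advisory: it parses a simplified, hypothetical "scope list" (a uint32 count, then that many entries, each a uint32 length followed by the bytes) with the bounds and overflow checks that close both defects, and runs it over constructed packets, including ones carrying a huge count or a 4 GB entry length of the kind the CVE texts describe. The packet layout, the stream_t helpers and all function names are assumptions for illustration; the real RDP Server License Request format is not reproduced here.

```c
/* Added example: defensive parsing of a length-prefixed list from a byte
 * stream. Hypothetical format and names; not FreeRDP code. */
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

typedef struct { const uint8_t *data; size_t length; size_t pos; } stream_t;

typedef struct { uint32_t length; char *value; } scope_entry_t;   /* NUL-terminated copy */
typedef struct { uint32_t count; scope_entry_t *entries; } scope_list_t;

static size_t stream_remaining(const stream_t *s) { return s->length - s->pos; }

/* Read a little-endian uint32, refusing if fewer than 4 bytes remain. An
 * unchecked read here is the "out-of-bounds read" class listed above. */
static int stream_read_uint32(stream_t *s, uint32_t *out)
{
    if (stream_remaining(s) < 4) return 0;
    const uint8_t *p = s->data + s->pos;
    *out = (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    s->pos += 4;
    return 1;
}

/* Copy n bytes out of the stream and advance, refusing if fewer remain. The
 * unchecked version of this step lets a peer-supplied 32-bit length drive a
 * copy out of the client's own memory (the CVE-2020-11042 pattern). */
static int stream_read_bytes(stream_t *s, void *dst, size_t n)
{
    if (n > stream_remaining(s)) return 0;
    memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    return 1;
}

void scope_list_free(scope_list_t *list)
{
    for (uint32_t i = 0; i < list->count; i++) free(list->entries[i].value);
    free(list->entries);
    list->entries = NULL;
    list->count = 0;
}

/* Returns 1 and fills *out on success (caller frees), 0 if the packet is malformed. */
int parse_scope_list(const uint8_t *buf, size_t len, scope_list_t *out)
{
    stream_t s = { buf, len, 0 };
    scope_entry_t *entries = NULL;
    uint32_t count, i;

    if (!stream_read_uint32(&s, &count)) return 0;
    /* Bound the count by what the stream can physically hold: every entry needs
     * at least its 4-byte length field. This rejects a "large ScopeCount" before
     * any allocation and makes count * sizeof(*entries) below safe from wrapping
     * (the CVE-2014-0791 pattern is doing that multiplication unchecked). */
    if (count > stream_remaining(&s) / 4) return 0;
    if (count > 0 && !(entries = calloc(count, sizeof *entries))) return 0;

    for (i = 0; i < count; i++) {
        uint32_t n;
        if (!stream_read_uint32(&s, &n)) goto fail;
        /* Check the entry length against the data present BEFORE allocating, so a
         * claimed 4 GB entry is refused rather than turned into a huge malloc. */
        if (n > stream_remaining(&s)) goto fail;
        if (!(entries[i].value = malloc((size_t)n + 1))) goto fail;
        if (!stream_read_bytes(&s, entries[i].value, n)) goto fail;
        entries[i].value[n] = '\0';
        entries[i].length = n;
    }
    out->count = count;
    out->entries = entries;
    return 1;
fail:
    for (i = 0; i < count; i++) free(entries[i].value);   /* calloc zeroed: free(NULL) is fine */
    free(entries);
    return 0;
}

/* Constructed sample packets (little-endian fields). */
static const uint8_t PKT_VALID[] = { 2,0,0,0, 1,0,0,0,'a', 3,0,0,0,'b','c','d' };
static const uint8_t PKT_EMPTY[] = { 0,0,0,0 };
static const uint8_t PKT_HUGE_COUNT[] = { 0xff,0xff,0xff,0xff, 1,0,0,0 };          /* ~4 billion entries claimed, 4 bytes present */
static const uint8_t PKT_HUGE_ENTRY[] = { 1,0,0,0, 0xff,0xff,0xff,0xff, 'x','y' }; /* 4 GB entry claimed, 2 bytes present */
static const uint8_t PKT_TRUNCATED[] = { 2,0,0,0, 1,0,0,0,'a', 3,0,0,0,'b' };      /* second entry cut short */

/* Convenience wrapper: entry count on success, -1 if the packet is rejected. */
int demo_parse(const uint8_t *buf, size_t len)
{
    scope_list_t list;
    if (!parse_scope_list(buf, len, &list)) return -1;
    int count = (int)list.count;
    scope_list_free(&list);
    return count;
}

int main(void)
{
    printf("valid:      %d\n", demo_parse(PKT_VALID, sizeof PKT_VALID));
    printf("empty:      %d\n", demo_parse(PKT_EMPTY, sizeof PKT_EMPTY));
    printf("huge count: %d\n", demo_parse(PKT_HUGE_COUNT, sizeof PKT_HUGE_COUNT));
    printf("huge entry: %d\n", demo_parse(PKT_HUGE_ENTRY, sizeof PKT_HUGE_ENTRY));
    printf("truncated:  %d\n", demo_parse(PKT_TRUNCATED, sizeof PKT_TRUNCATED));
    return 0;
}
```

The order of the checks is the point: the count is bounded by the bytes actually available before anything is allocated, and each entry length is compared against the remaining stream before its buffer is allocated or copied, so a hostile value is refused with a clean parse failure instead of an over-read or an oversized allocation.
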
For Debian 9 stretch, these problems have been fixed in version
1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4.

We recommend that you upgrade your freerdp packages.

For the detailed security status of freerdp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/freerdp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- --

mike gabriel aka sunweaver (Debian Developer)
fon: +49 (1520) 1976 148

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: sunweaver@debian.org, http://sunweavers.net


- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl9K6hMACgkQmvRrMCV3
GzFFyw//avf+REmNqcAyJZg/SC4lDi6Iise+yrj5bAc46/NoDnbulgVJY+vl3N5f
3PpTcQAbIEogpAU5bfJ7LR/2ms468UfJUpNNTrWan3+/Xzw3COjLToYAzrDdzsd9
51ddVCDBHw3pEsTmYz+SNjMnZw9hos/0/5hEGdVis9QuUh/2UvpniYP/OxbYWGtS
PMsyOQ/yXBl1d3sBGBqZ/xJMIas9FlV9cZwinAfmIx/4dLjSmimrGWVzZAlcWNS1
oKmbp1JrNNeUSSdMZN/qxOSeA7b6HaPQk9hLcaeGXWaUaiFr1kN6GQbaFpt+Qegy
scNoCfe2r7kFSRhM7QtEl+thZyS03qcqcHpo839sZDpnTn1tGb9blo2F7CfneY7y
aO4u6UgR/N6IG31WsbyOdaO8f55/r4ZZgj7bm8ydzkxrEzs/8MbgpOdCr0FdVVK+
0ngAdB7S5IJtZKWdMRIKPKpjI41SpIEEtva++IQ1C2q6rKnPLkeOsQ1DLwUpQwLu
NI/BceswhmvphFapuZaWQn2rWjrQ8LCG5COuwgtm/mp8fWZ5oTyRuAPBoDiZEmsS
iv+ras1K5q0/ByoSykah/jlaq8ICXRpkhFfr1120xTt7Ze9um7W15OQFUmsXKMqE
6SpBEXpLbbGrUG77XKS8330Izp/2EK2/MMzGlnN3+qiQeqqbeAo=
=PcVG
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----