[3.9] freerdp: Multiple vulnerabilities (CVE-2018-8786, CVE-2018-8787, CVE-2018-8788, CVE-2018-8789)
CVE-2018-8786: FreeRDP prior to version 2.0.0-rc4 contains an
Integer Truncation that leads to a Heap-Based Buffer Overflow in
function update_read_bitmap_update() and results in a memory
corruption and probably even a remote code execution.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-8786
Patch:
https://github.com/FreeRDP/FreeRDP/commit/445a5a42c500ceb80f8fa7f2c11f3682538033f3
CVE-2018-8787: FreeRDP prior to version 2.0.0-rc4 contains an
Integer Overflow that leads to a Heap-Based Buffer Overflow in
function gdi_Bitmap_Decompress() and results in a memory corruption
and probably even a remote code execution.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-8787
Patch:
https://github.com/FreeRDP/FreeRDP/commit/09b9d4f1994a674c4ec85b4947aa656eda1aed8a
CVE-2018-8788: FreeRDP prior to version 2.0.0-rc4 contains an
Out-Of-Bounds Write of up to 4 bytes in
function nsc_rle_decode() that results in a memory corruption and
possibly even a remote code execution.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-8788
Patch:
https://github.com/FreeRDP/FreeRDP/commit/d1112c279bd1a327e8e4d0b5f371458bf2579659
CVE-2018-8789: FreeRDP prior to version 2.0.0-rc4 contains several
Out-Of-Bounds Reads in the NTLM
Authentication module that results in a Denial of Service (segfault).
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-8789
Patch:
https://github.com/FreeRDP/FreeRDP/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6
(from redmine: issue id 10056, created on 2019-03-05, closed on 2019-04-18)
- Changesets:
- Revision 0711692c on 2019-04-17T13:12:48Z:
community/freerdp: security upgrade to 2.0.0_rc4
CVE-2018-8786, CVE-2018-8787, CVE-2018-8788, CVE-2018-8789
Fixes #10056