Package "libfreerdp-plugins-standard"
Name: |
libfreerdp-plugins-standard
|
Description: |
RDP client for Windows Terminal Services (plugins)
|
Latest version: |
1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 |
Release: |
bionic (18.04) |
Level: |
security |
Repository: |
universe |
Head package: |
freerdp |
Homepage: |
http://www.freerdp.com/ |
Links
Download "libfreerdp-plugins-standard"
Other versions of "libfreerdp-plugins-standard" in Bionic
Changelog
freerdp (1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2) bionic-security; urgency=medium
* SECURITY UPDATE: out-of-bounds read in update_read_icon_info
- debian/patches/CVE-2020-11042.patch: check length in
update_read_icon_info.
- CVE-2020-11042
* SECURITY UPDATE: out-of-bound read in update_read_bitmap_data
- debian/patches/CVE-2020-11045.patch: bounds checks in
update_read_bitmap_data.
- CVE-2020-11045
* SECURITY UPDATE: stream out-of-bounds seek in update_read_synchronize
- debian/patches/CVE-2020-11046.patch: bounds checks in
update_read_synchronize.
- CVE-2020-11046
* SECURITY UPDATE: out-of-bounds read in rdp_read_flow_control_pdu
- debian/patches/CVE-2020-11048.patch: boundary checks in
rdp_read_flow_control_pdu.
- CVE-2020-11048
* SECURITY UPDATE: out-of-bounds seek in rdp_read_font_capability_set
- debian/patches/CVE-2020-11058.patch: bounds check in
rdp_read_font_capability_set.
- CVE-2020-11058
* SECURITY UPDATE: out-of-bounds write in planar codec
- debian/patches/CVE-2020-11521.patch: bounds check in planar codec.
- CVE-2020-11521
* SECURITY UPDATE: ut-of-bounds read in gdi.c
- debian/patches/CVE-2020-11522.patch: limit number of DELTA_RECT to
45.
- CVE-2020-11522
* SECURITY UPDATE: integer overflow in region.c
- debian/patches/CVE-2020-11523.patch: clamp invalid rectangles to
size 0.
- CVE-2020-11523
* SECURITY UPDATE: out of bounds read in bitmap_cache_new
- debian/patches/CVE-2020-11525.patch: bounds check in
bitmap_cache_new.
- CVE-2020-11525
* SECURITY UPDATE: out of bounds read in update_recv_orders
- debian/patches/CVE-2020-11526.patch: bounds check in
update_recv_orders.
- CVE-2020-11526
* SECURITY UPDATE:
- debian/patches/CVE-2020-13396.patch: added length checks for data
read from stream. Unified function resource cleanup.
- CVE-2020-13396
* SECURITY UPDATE: out-of-bounds read in security_fips_decrypt
- debian/patches/CVE-2020-13397.patch: fixed GHSL-2020-101 missing
NULL check.
- CVE-2020-13397
* SECURITY UPDATE: out-of-bounds write in crypto_rsa_common
- debian/patches/CVE-2020-13398.patch: fixed GHSL-2020-102 heap
overflow.
- CVE-2020-13398
-- Emilia Torino <email address hidden> Thu, 29 Oct 2020 16:29:56 -0300
|
Source diff to previous version |
CVE-2020-11042 |
In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of |
CVE-2020-11045 |
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image b |
CVE-2020-11046 |
In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read. |
CVE-2020-11048 |
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has be |
CVE-2020-11058 |
In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a res |
CVE-2020-11521 |
libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. |
CVE-2020-11522 |
libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read. |
CVE-2020-11523 |
libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. |
CVE-2020-11525 |
libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. |
CVE-2020-11526 |
libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. |
CVE-2020-13396 |
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/l |
CVE-2020-13397 |
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/c |
CVE-2020-13398 |
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/cryp |
|
freerdp (1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1) bionic-security; urgency=medium
* SECURITY UPDATE: Integer truncation in update_read_bitmap_update
- debian/patches/CVE-2018-8786.patch: Promote count to 32-bit integer
type to avoid integer truncation in libfreerdp/core/update.c. Based on
upstream patch.
- CVE-2018-8786
* SECURITY UPDATE: Integer overflow in gdi_Bitmap_Decompress
- debian/patches/CVE-2018-8787.patch: Check for and avoid possible
integer overflow in libfreerdp/gdi/graphics.c. Based on upstream
patch.
- CVE-2018-8787
* SECURITY UPDATE: Buffer overflow in nsc_rle_decode
- debian/patches/CVE-2018-8788.patch: Check for lengths and avoid
possible buffer overflow in libfreerdp/codec/nsc.c and
libfreerdp/codec/nsc_encode.c. Based on upstream patch.
- CVE-2018-8788
* SECURITY UPDATE: Out-of-bounds read in ntlm_read_message_fields_buffer
- debian/patches/CVE-2018-8789.patch: Ensure to use 64-bit integer
type when checking offset against stream length in
winpr/libwinpr/sspi/NTLM/ntlm_message.c. Based on upstream patch.
- CVE-2018-8789
-- Eduardo Barretto <email address hidden> Mon, 27 May 2019 14:14:40 -0300
|
CVE-2018-8786 |
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() |
CVE-2018-8787 |
FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and re |
CVE-2018-8788 |
FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption |
CVE-2018-8789 |
FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfau |
|
About
-
Send Feedback to @ubuntu_updates