openSUSE-SU-2019:0325-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2019:0325-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2019:0325-1
- Related
- Published
- 2019-03-23T11:14:11Z
- Modified
- 2019-03-23T11:14:11Z
- Summary
- Security update for freerdp
- Details
-
This update for freerdp to version 2.0.0~rc4 fixes the following issues:
Security issues fixed:
- CVE-2018-0886: Fix a remote code execution vulnerability (CredSSP) (bsc#1085416, bsc#1087240, bsc#1104918)
- CVE-2018-8789: Fix several denial of service vulnerabilities in the in the NTLM Authentication module (bsc#1117965)
- CVE-2018-8785: Fix a potential remote code execution vulnerability in the zgfx_decompress function (bsc#1117967)
- CVE-2018-8786: Fix a potential remote code execution vulnerability in the updatereadbitmap_update function (bsc#1117966)
- CVE-2018-8787: Fix a potential remote code execution vulnerability in the gdiBitmapDecompress function (bsc#1117964)
- CVE-2018-8788: Fix a potential remote code execution vulnerability in the nscrledecode function (bsc#1117963)
- CVE-2018-8784: Fix a potential remote code execution vulnerability in the zgfxdecompresssegment function (bsc#1116708)
- CVE-2018-1000852: Fixed a remote memory access in the drdynvcprocesscapability_request function (bsc#1120507)
Other issues:
- Upgraded to version 2.0.0-rc4 (FATE#326739)
- Security and stability improvements, including bsc#1103557 and bsc#1112028
- gateway: multiple fixes and improvements
- client/X11: support for rail (remote app) icons was added
- The licensing code was re-worked: Per-device licenses are now saved on the
client and used on re-connect:
WARNING: this is a change in FreeRDP behavior regarding licensing. If the old behavior is required, or no licenses should be saved use the new command line option +old-license (gh#/FreeRDP/FreeRDP#4979) - Improved order handling - only orders that were enable during capability exchange are accepted. WARNING and NOTE: some servers do improperly send orders that weren't negotiated, for such cases the new command line option /relax-order-checks was added to disable the strict order checking. If connecting to xrdp the options /relax-order-checks and +glyph-cache are required. (gh#/FreeRDP/FreeRDP#4926)
- Fixed automount issues
- Fixed several audio and microphone related issues
- Fixed X11 Right-Ctrl ungrab feature
- Fixed race condition in rdpsnd channel server.
- Disabled SSE2 for ARM and powerpc
This update was imported from the SUSE:SLE-15:Update update project.
- References
-
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MIETP2PR4Q4SATLCVO5M3PMEMOFCHU4C/#MIETP2PR4Q4SATLCVO5M3PMEMOFCHU4C
- https://bugzilla.suse.com/1085416
- https://bugzilla.suse.com/1087240
- https://bugzilla.suse.com/1103557
- https://bugzilla.suse.com/1104918
- https://bugzilla.suse.com/1112028
- https://bugzilla.suse.com/1116708
- https://bugzilla.suse.com/1117963
- https://bugzilla.suse.com/1117964
- https://bugzilla.suse.com/1117965
- https://bugzilla.suse.com/1117966
- https://bugzilla.suse.com/1117967
- https://bugzilla.suse.com/1120507
- https://www.suse.com/security/cve/CVE-2018-0886
- https://www.suse.com/security/cve/CVE-2018-1000852
- https://www.suse.com/security/cve/CVE-2018-8784
- https://www.suse.com/security/cve/CVE-2018-8785
- https://www.suse.com/security/cve/CVE-2018-8786
- https://www.suse.com/security/cve/CVE-2018-8787
- https://www.suse.com/security/cve/CVE-2018-8788
- https://www.suse.com/security/cve/CVE-2018-8789