Robert Frohl changed bug 1171441
Flags: needinfo? (removed)

Comment # 20 on bug 1171441 from
To facilitate a more complete picture I tried to document the open CVEs, see
below. There might be some missing, because they came in over a few weeks. Feel
free to use this for the changes file.

update to 2.0 fixing:
CVE-2020-11042: out-of-bounds read in update_read_icon_info
CVE-2020-11044: denial of service in update_read_cache_bitmap_v3_order affecting clients
CVE-2020-11045: out-of-bounds read in update_read_bitmap_data
CVE-2020-11046: out-of-bounds seek in update_read_synchronize
CVE-2020-11047: out-of-bounds read in autodetect_recv_bandwidth_measure_results
CVE-2020-11048: out-of-bounds read in rdp_read_flow_control_pdu
CVE-2020-11049: out-of-bounds read of client memory that is then passed on to the protocol parser

update to 2.1 fixing:
CVE-2020-11017: malicious client can create a double free condition and crash the server
CVE-2020-11018: malicious clients could trigger out-of-bounds reads causing memory allocation with random size
CVE-2020-11019: denial of service if logger set to "WLOG_TRACE"
CVE-2020-11038: buffer overflow when using /video redirection
CVE-2020-11039: arbitrary memory read and write when USB redirection enabled
CVE-2020-11040: out-of-bounds data read in clear_decompress_subcode_rlex
CVE-2020-11041: denial of service by malicious server related to configuration for sound backend
CVE-2020-11043: out-of-bounds read in rfx_process_message_tileset
CVE-2020-11085: out-of-bounds read in cliprdr_read_format_list
CVE-2020-11086: out-of-bounds read in ntlm_read_ntlm_v2_client_challenge
CVE-2020-11087: out-of-bounds read in ntlm_read_AuthenticateMessage
CVE-2020-11088: out-of-bounds read in ntlm_read_NegotiateMessage
CVE-2020-11089: out-of-bounds read in irp function family

update to 2.1.1 (already mentioned):
CVE-2020-13396: out-of-bounds read in ntlm_read_ChallengeMessage
CVE-2020-13397: out-of-bounds read in security_fips_decrypt
CVE-2020-13398: out-of-bounds write in crypto_rsa_common

All of these affect both SUSE:SLE-12-SP2:Update and SUSE:SLE-15-SP1:Update,
meaning even in freerdp 2.0 RC4 the fixes for 2.0 are missing.
