Vulnerability from csaf_suse
Published
2019-03-04 16:42
Modified
2019-03-04 16:42
Summary
Security update for freerdp
Notes
Title of the patch
Security update for freerdp
Description of the patch
This update for freerdp to version 2.0.0~rc4 fixes the following issues:
Security issues fixed:
- CVE-2018-0886: Fix a remote code execution vulnerability (CredSSP) (bsc#1085416, bsc#1087240, bsc#1104918)
- CVE-2018-8789: Fix several denial of service vulnerabilities in the in the NTLM Authentication module (bsc#1117965)
- CVE-2018-8785: Fix a potential remote code execution vulnerability in the zgfx_decompress function (bsc#1117967)
- CVE-2018-8786: Fix a potential remote code execution vulnerability in the update_read_bitmap_update function (bsc#1117966)
- CVE-2018-8787: Fix a potential remote code execution vulnerability in the gdi_Bitmap_Decompress function (bsc#1117964)
- CVE-2018-8788: Fix a potential remote code execution vulnerability in the nsc_rle_decode function (bsc#1117963)
- CVE-2018-8784: Fix a potential remote code execution vulnerability in the zgfx_decompress_segment function (bsc#1116708)
- CVE-2018-1000852: Fixed a remote memory access in the drdynvc_process_capability_request function (bsc#1120507)
Other issues:
- Upgraded to version 2.0.0-rc4 (FATE#326739)
- Security and stability improvements, including bsc#1103557 and bsc#1112028
- gateway: multiple fixes and improvements
- client/X11: support for rail (remote app) icons was added
- The licensing code was re-worked: Per-device licenses are now saved on the
client and used on re-connect:
WARNING: this is a change in FreeRDP behavior regarding licensing. If the old
behavior is required, or no licenses should be saved use the
new command line option +old-license (gh#/FreeRDP/FreeRDP#4979)
- Improved order handling - only orders that were enable during capability exchange are accepted.
WARNING and NOTE: some servers do improperly send orders that weren't negotiated,
for such cases the new command line option /relax-order-checks was added to
disable the strict order checking. If connecting to xrdp the options
/relax-order-checks *and* +glyph-cache are required. (gh#/FreeRDP/FreeRDP#4926)
- Fixed automount issues
- Fixed several audio and microphone related issues
- Fixed X11 Right-Ctrl ungrab feature
- Fixed race condition in rdpsnd channel server.
- Disabled SSE2 for ARM and powerpc
Patchnames
SUSE-2019-539,SUSE-SLE-Module-Development-Tools-OBS-15-2019-539,SUSE-SLE-Product-WE-15-2019-539
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for freerdp", title: "Title of the patch", }, { category: "description", text: "This update for freerdp to version 2.0.0~rc4 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-0886: Fix a remote code execution vulnerability (CredSSP) (bsc#1085416, bsc#1087240, bsc#1104918)\n- CVE-2018-8789: Fix several denial of service vulnerabilities in the in the NTLM Authentication module (bsc#1117965)\n- CVE-2018-8785: Fix a potential remote code execution vulnerability in the zgfx_decompress function (bsc#1117967)\n- CVE-2018-8786: Fix a potential remote code execution vulnerability in the update_read_bitmap_update function (bsc#1117966)\n- CVE-2018-8787: Fix a potential remote code execution vulnerability in the gdi_Bitmap_Decompress function (bsc#1117964)\n- CVE-2018-8788: Fix a potential remote code execution vulnerability in the nsc_rle_decode function (bsc#1117963)\n- CVE-2018-8784: Fix a potential remote code execution vulnerability in the zgfx_decompress_segment function (bsc#1116708)\n- CVE-2018-1000852: Fixed a remote memory access in the drdynvc_process_capability_request function (bsc#1120507)\n\nOther issues:\n\n- Upgraded to version 2.0.0-rc4 (FATE#326739)\n- Security and stability improvements, including bsc#1103557 and bsc#1112028\n- gateway: multiple fixes and improvements\n- client/X11: support for rail (remote app) icons was added\n- The licensing code was re-worked: Per-device licenses are now saved on the\n client and used on re-connect: \n WARNING: this is a change in FreeRDP behavior regarding licensing. If the old\n behavior is required, or no licenses should be saved use the\n new command line option +old-license (gh#/FreeRDP/FreeRDP#4979)\n- Improved order handling - only orders that were enable during capability exchange are accepted.\n WARNING and NOTE: some servers do improperly send orders that weren't negotiated,\n for such cases the new command line option /relax-order-checks was added to\n disable the strict order checking. If connecting to xrdp the options\n /relax-order-checks *and* +glyph-cache are required. (gh#/FreeRDP/FreeRDP#4926)\n- Fixed automount issues\n- Fixed several audio and microphone related issues\n- Fixed X11 Right-Ctrl ungrab feature\n- Fixed race condition in rdpsnd channel server.\n- Disabled SSE2 for ARM and powerpc\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2019-539,SUSE-SLE-Module-Development-Tools-OBS-15-2019-539,SUSE-SLE-Product-WE-15-2019-539", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0539-1.json", }, { category: "self", summary: "URL for SUSE-SU-2019:0539-1", url: "https://www.suse.com/support/update/announcement/2019/suse-su-20190539-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2019:0539-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2019-March/005170.html", }, { category: "self", summary: "SUSE Bug 1085416", url: "https://bugzilla.suse.com/1085416", }, { category: "self", summary: "SUSE Bug 1087240", url: "https://bugzilla.suse.com/1087240", }, { category: "self", summary: "SUSE Bug 1103557", url: "https://bugzilla.suse.com/1103557", }, { category: "self", summary: "SUSE Bug 1104918", url: "https://bugzilla.suse.com/1104918", }, { category: "self", summary: "SUSE Bug 1112028", url: "https://bugzilla.suse.com/1112028", }, { category: "self", summary: "SUSE Bug 1116708", url: "https://bugzilla.suse.com/1116708", }, { category: "self", summary: "SUSE Bug 1117963", url: "https://bugzilla.suse.com/1117963", }, { category: "self", summary: "SUSE Bug 1117964", url: "https://bugzilla.suse.com/1117964", }, { category: "self", summary: "SUSE Bug 1117965", url: "https://bugzilla.suse.com/1117965", }, { category: "self", summary: "SUSE Bug 1117966", url: "https://bugzilla.suse.com/1117966", }, { category: "self", summary: "SUSE Bug 1117967", url: "https://bugzilla.suse.com/1117967", }, { category: "self", summary: "SUSE Bug 1120507", url: "https://bugzilla.suse.com/1120507", }, { category: "self", summary: "SUSE CVE CVE-2018-0886 page", url: "https://www.suse.com/security/cve/CVE-2018-0886/", }, { category: "self", summary: "SUSE CVE CVE-2018-1000852 page", url: "https://www.suse.com/security/cve/CVE-2018-1000852/", }, { category: "self", summary: "SUSE CVE CVE-2018-8784 page", url: "https://www.suse.com/security/cve/CVE-2018-8784/", }, { category: "self", summary: "SUSE CVE CVE-2018-8785 page", url: "https://www.suse.com/security/cve/CVE-2018-8785/", }, { category: "self", summary: "SUSE CVE CVE-2018-8786 page", url: "https://www.suse.com/security/cve/CVE-2018-8786/", }, { category: "self", summary: "SUSE CVE CVE-2018-8787 page", url: "https://www.suse.com/security/cve/CVE-2018-8787/", }, { category: "self", summary: "SUSE CVE CVE-2018-8788 page", url: "https://www.suse.com/security/cve/CVE-2018-8788/", }, { category: "self", summary: "SUSE CVE CVE-2018-8789 page", url: "https://www.suse.com/security/cve/CVE-2018-8789/", }, ], title: "Security update for freerdp", tracking: { current_release_date: "2019-03-04T16:42:27Z", generator: { date: "2019-03-04T16:42:27Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2019:0539-1", initial_release_date: "2019-03-04T16:42:27Z", revision_history: [ { date: "2019-03-04T16:42:27Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "freerdp-2.0.0~rc4-3.3.1.aarch64", product: { name: "freerdp-2.0.0~rc4-3.3.1.aarch64", product_id: "freerdp-2.0.0~rc4-3.3.1.aarch64", }, }, { category: "product_version", name: "freerdp-devel-2.0.0~rc4-3.3.1.aarch64", product: { name: "freerdp-devel-2.0.0~rc4-3.3.1.aarch64", product_id: "freerdp-devel-2.0.0~rc4-3.3.1.aarch64", }, }, { category: "product_version", name: "freerdp-server-2.0.0~rc4-3.3.1.aarch64", product: { name: "freerdp-server-2.0.0~rc4-3.3.1.aarch64", product_id: "freerdp-server-2.0.0~rc4-3.3.1.aarch64", }, }, { category: "product_version", name: "freerdp-wayland-2.0.0~rc4-3.3.1.aarch64", product: { name: "freerdp-wayland-2.0.0~rc4-3.3.1.aarch64", product_id: "freerdp-wayland-2.0.0~rc4-3.3.1.aarch64", }, }, { category: "product_version", name: "libfreerdp2-2.0.0~rc4-3.3.1.aarch64", product: { name: "libfreerdp2-2.0.0~rc4-3.3.1.aarch64", product_id: "libfreerdp2-2.0.0~rc4-3.3.1.aarch64", }, }, { category: "product_version", name: "libuwac0-0-2.0.0~rc4-3.3.1.aarch64", product: { name: "libuwac0-0-2.0.0~rc4-3.3.1.aarch64", product_id: "libuwac0-0-2.0.0~rc4-3.3.1.aarch64", }, }, { category: "product_version", name: "libwinpr2-2.0.0~rc4-3.3.1.aarch64", product: { name: "libwinpr2-2.0.0~rc4-3.3.1.aarch64", product_id: "libwinpr2-2.0.0~rc4-3.3.1.aarch64", }, }, { category: "product_version", name: "uwac0-0-devel-2.0.0~rc4-3.3.1.aarch64", product: { name: "uwac0-0-devel-2.0.0~rc4-3.3.1.aarch64", product_id: "uwac0-0-devel-2.0.0~rc4-3.3.1.aarch64", }, }, { category: "product_version", name: "winpr2-devel-2.0.0~rc4-3.3.1.aarch64", product: { name: "winpr2-devel-2.0.0~rc4-3.3.1.aarch64", product_id: "winpr2-devel-2.0.0~rc4-3.3.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "freerdp-2.0.0~rc4-3.3.1.i586", product: { name: "freerdp-2.0.0~rc4-3.3.1.i586", product_id: "freerdp-2.0.0~rc4-3.3.1.i586", }, }, { category: "product_version", name: "freerdp-devel-2.0.0~rc4-3.3.1.i586", product: { name: "freerdp-devel-2.0.0~rc4-3.3.1.i586", product_id: "freerdp-devel-2.0.0~rc4-3.3.1.i586", }, }, { category: "product_version", name: "freerdp-server-2.0.0~rc4-3.3.1.i586", product: { name: "freerdp-server-2.0.0~rc4-3.3.1.i586", product_id: "freerdp-server-2.0.0~rc4-3.3.1.i586", }, }, { category: "product_version", name: "freerdp-wayland-2.0.0~rc4-3.3.1.i586", product: { name: "freerdp-wayland-2.0.0~rc4-3.3.1.i586", product_id: "freerdp-wayland-2.0.0~rc4-3.3.1.i586", }, }, { category: "product_version", name: "libfreerdp2-2.0.0~rc4-3.3.1.i586", product: { name: "libfreerdp2-2.0.0~rc4-3.3.1.i586", product_id: "libfreerdp2-2.0.0~rc4-3.3.1.i586", }, }, { category: "product_version", name: "libuwac0-0-2.0.0~rc4-3.3.1.i586", product: { name: "libuwac0-0-2.0.0~rc4-3.3.1.i586", product_id: "libuwac0-0-2.0.0~rc4-3.3.1.i586", }, }, { category: "product_version", name: "libwinpr2-2.0.0~rc4-3.3.1.i586", product: { name: "libwinpr2-2.0.0~rc4-3.3.1.i586", product_id: "libwinpr2-2.0.0~rc4-3.3.1.i586", }, }, { category: "product_version", name: "uwac0-0-devel-2.0.0~rc4-3.3.1.i586", product: { name: "uwac0-0-devel-2.0.0~rc4-3.3.1.i586", product_id: "uwac0-0-devel-2.0.0~rc4-3.3.1.i586", }, }, { category: "product_version", name: "winpr2-devel-2.0.0~rc4-3.3.1.i586", product: { name: "winpr2-devel-2.0.0~rc4-3.3.1.i586", product_id: "winpr2-devel-2.0.0~rc4-3.3.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "freerdp-2.0.0~rc4-3.3.1.ppc64le", product: { name: "freerdp-2.0.0~rc4-3.3.1.ppc64le", product_id: "freerdp-2.0.0~rc4-3.3.1.ppc64le", }, }, { category: "product_version", name: "freerdp-devel-2.0.0~rc4-3.3.1.ppc64le", product: { name: "freerdp-devel-2.0.0~rc4-3.3.1.ppc64le", product_id: "freerdp-devel-2.0.0~rc4-3.3.1.ppc64le", }, }, { category: "product_version", name: "freerdp-server-2.0.0~rc4-3.3.1.ppc64le", product: { name: "freerdp-server-2.0.0~rc4-3.3.1.ppc64le", product_id: "freerdp-server-2.0.0~rc4-3.3.1.ppc64le", }, }, { category: "product_version", name: "freerdp-wayland-2.0.0~rc4-3.3.1.ppc64le", product: { name: "freerdp-wayland-2.0.0~rc4-3.3.1.ppc64le", product_id: "freerdp-wayland-2.0.0~rc4-3.3.1.ppc64le", }, }, { category: "product_version", name: "libfreerdp2-2.0.0~rc4-3.3.1.ppc64le", product: { name: "libfreerdp2-2.0.0~rc4-3.3.1.ppc64le", product_id: "libfreerdp2-2.0.0~rc4-3.3.1.ppc64le", }, }, { category: "product_version", name: "libuwac0-0-2.0.0~rc4-3.3.1.ppc64le", product: { name: "libuwac0-0-2.0.0~rc4-3.3.1.ppc64le", product_id: "libuwac0-0-2.0.0~rc4-3.3.1.ppc64le", }, }, { category: "product_version", name: "libwinpr2-2.0.0~rc4-3.3.1.ppc64le", product: { name: "libwinpr2-2.0.0~rc4-3.3.1.ppc64le", product_id: "libwinpr2-2.0.0~rc4-3.3.1.ppc64le", }, }, { category: "product_version", name: "uwac0-0-devel-2.0.0~rc4-3.3.1.ppc64le", product: { name: "uwac0-0-devel-2.0.0~rc4-3.3.1.ppc64le", product_id: "uwac0-0-devel-2.0.0~rc4-3.3.1.ppc64le", }, }, { category: "product_version", name: "winpr2-devel-2.0.0~rc4-3.3.1.ppc64le", product: { name: "winpr2-devel-2.0.0~rc4-3.3.1.ppc64le", product_id: "winpr2-devel-2.0.0~rc4-3.3.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "freerdp-2.0.0~rc4-3.3.1.s390x", product: { name: "freerdp-2.0.0~rc4-3.3.1.s390x", product_id: "freerdp-2.0.0~rc4-3.3.1.s390x", }, }, { category: "product_version", name: "freerdp-devel-2.0.0~rc4-3.3.1.s390x", product: { name: "freerdp-devel-2.0.0~rc4-3.3.1.s390x", product_id: "freerdp-devel-2.0.0~rc4-3.3.1.s390x", }, }, { category: "product_version", name: "freerdp-server-2.0.0~rc4-3.3.1.s390x", product: { name: "freerdp-server-2.0.0~rc4-3.3.1.s390x", product_id: "freerdp-server-2.0.0~rc4-3.3.1.s390x", }, }, { category: "product_version", name: "freerdp-wayland-2.0.0~rc4-3.3.1.s390x", product: { name: "freerdp-wayland-2.0.0~rc4-3.3.1.s390x", product_id: "freerdp-wayland-2.0.0~rc4-3.3.1.s390x", }, }, { category: "product_version", name: "libfreerdp2-2.0.0~rc4-3.3.1.s390x", product: { name: "libfreerdp2-2.0.0~rc4-3.3.1.s390x", product_id: "libfreerdp2-2.0.0~rc4-3.3.1.s390x", }, }, { category: "product_version", name: "libuwac0-0-2.0.0~rc4-3.3.1.s390x", product: { name: "libuwac0-0-2.0.0~rc4-3.3.1.s390x", product_id: "libuwac0-0-2.0.0~rc4-3.3.1.s390x", }, }, { category: "product_version", name: "libwinpr2-2.0.0~rc4-3.3.1.s390x", product: { name: "libwinpr2-2.0.0~rc4-3.3.1.s390x", product_id: "libwinpr2-2.0.0~rc4-3.3.1.s390x", }, }, { category: "product_version", name: "uwac0-0-devel-2.0.0~rc4-3.3.1.s390x", product: { name: "uwac0-0-devel-2.0.0~rc4-3.3.1.s390x", product_id: "uwac0-0-devel-2.0.0~rc4-3.3.1.s390x", }, }, { category: "product_version", name: "winpr2-devel-2.0.0~rc4-3.3.1.s390x", product: { name: "winpr2-devel-2.0.0~rc4-3.3.1.s390x", product_id: "winpr2-devel-2.0.0~rc4-3.3.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "freerdp-2.0.0~rc4-3.3.1.x86_64", product: { name: "freerdp-2.0.0~rc4-3.3.1.x86_64", product_id: "freerdp-2.0.0~rc4-3.3.1.x86_64", }, }, { category: "product_version", name: "freerdp-devel-2.0.0~rc4-3.3.1.x86_64", product: { name: "freerdp-devel-2.0.0~rc4-3.3.1.x86_64", product_id: "freerdp-devel-2.0.0~rc4-3.3.1.x86_64", }, }, { category: "product_version", name: "freerdp-server-2.0.0~rc4-3.3.1.x86_64", product: { name: "freerdp-server-2.0.0~rc4-3.3.1.x86_64", product_id: "freerdp-server-2.0.0~rc4-3.3.1.x86_64", }, }, { category: "product_version", name: "freerdp-wayland-2.0.0~rc4-3.3.1.x86_64", product: { name: "freerdp-wayland-2.0.0~rc4-3.3.1.x86_64", product_id: "freerdp-wayland-2.0.0~rc4-3.3.1.x86_64", }, }, { category: "product_version", name: "libfreerdp2-2.0.0~rc4-3.3.1.x86_64", product: { name: "libfreerdp2-2.0.0~rc4-3.3.1.x86_64", product_id: "libfreerdp2-2.0.0~rc4-3.3.1.x86_64", }, }, { category: "product_version", name: "libuwac0-0-2.0.0~rc4-3.3.1.x86_64", product: { name: "libuwac0-0-2.0.0~rc4-3.3.1.x86_64", product_id: "libuwac0-0-2.0.0~rc4-3.3.1.x86_64", }, }, { category: "product_version", name: "libwinpr2-2.0.0~rc4-3.3.1.x86_64", product: { name: "libwinpr2-2.0.0~rc4-3.3.1.x86_64", product_id: "libwinpr2-2.0.0~rc4-3.3.1.x86_64", }, }, { category: "product_version", name: "uwac0-0-devel-2.0.0~rc4-3.3.1.x86_64", product: { name: "uwac0-0-devel-2.0.0~rc4-3.3.1.x86_64", product_id: "uwac0-0-devel-2.0.0~rc4-3.3.1.x86_64", }, }, { category: "product_version", name: "winpr2-devel-2.0.0~rc4-3.3.1.x86_64", product: { name: "winpr2-devel-2.0.0~rc4-3.3.1.x86_64", product_id: "winpr2-devel-2.0.0~rc4-3.3.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Workstation Extension 15", product: { name: "SUSE Linux Enterprise Workstation Extension 15", product_id: "SUSE Linux Enterprise Workstation Extension 15", product_identification_helper: { cpe: "cpe:/o:suse:sle-we:15", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "freerdp-2.0.0~rc4-3.3.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15", product_id: "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", }, product_reference: "freerdp-2.0.0~rc4-3.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Workstation Extension 15", }, { category: "default_component_of", full_product_name: { name: "freerdp-devel-2.0.0~rc4-3.3.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15", product_id: "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", }, product_reference: "freerdp-devel-2.0.0~rc4-3.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Workstation Extension 15", }, { category: "default_component_of", full_product_name: { name: "libfreerdp2-2.0.0~rc4-3.3.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15", product_id: "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", }, product_reference: "libfreerdp2-2.0.0~rc4-3.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Workstation Extension 15", }, { category: "default_component_of", full_product_name: { name: "libwinpr2-2.0.0~rc4-3.3.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15", product_id: "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", }, product_reference: "libwinpr2-2.0.0~rc4-3.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Workstation Extension 15", }, { category: "default_component_of", full_product_name: { name: "winpr2-devel-2.0.0~rc4-3.3.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15", product_id: "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", }, product_reference: "winpr2-devel-2.0.0~rc4-3.3.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Workstation Extension 15", }, ], }, vulnerabilities: [ { cve: "CVE-2018-0886", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-0886", }, ], notes: [ { category: "general", text: "The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709 Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how CredSSP validates request during the authentication process, aka \"CredSSP Remote Code Execution Vulnerability\".", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-0886", url: "https://www.suse.com/security/cve/CVE-2018-0886", }, { category: "external", summary: "SUSE Bug 1085416 for CVE-2018-0886", url: "https://bugzilla.suse.com/1085416", }, { category: "external", summary: "SUSE Bug 1087240 for CVE-2018-0886", url: "https://bugzilla.suse.com/1087240", }, { category: "external", summary: "SUSE Bug 1117963 for CVE-2018-0886", url: "https://bugzilla.suse.com/1117963", }, { category: "external", summary: "SUSE Bug 1131873 for CVE-2018-0886", url: "https://bugzilla.suse.com/1131873", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-03-04T16:42:27Z", details: "important", }, ], title: "CVE-2018-0886", }, { cve: "CVE-2018-1000852", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-1000852", }, ], notes: [ { category: "general", text: "FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. This attack appear to be exploitable via RDPClient must connect the rdp server with echo option. This vulnerability appears to have been fixed in after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-1000852", url: "https://www.suse.com/security/cve/CVE-2018-1000852", }, { category: "external", summary: "SUSE Bug 1117963 for CVE-2018-1000852", url: "https://bugzilla.suse.com/1117963", }, { category: "external", summary: "SUSE Bug 1120507 for CVE-2018-1000852", url: "https://bugzilla.suse.com/1120507", }, { category: "external", summary: "SUSE Bug 1131873 for CVE-2018-1000852", url: "https://bugzilla.suse.com/1131873", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-03-04T16:42:27Z", details: "moderate", }, ], title: "CVE-2018-1000852", }, { cve: "CVE-2018-8784", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-8784", }, ], notes: [ { category: "general", text: "FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress_segment() that results in a memory corruption and probably even a remote code execution.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-8784", url: "https://www.suse.com/security/cve/CVE-2018-8784", }, { category: "external", summary: "SUSE Bug 1116708 for CVE-2018-8784", url: "https://bugzilla.suse.com/1116708", }, { category: "external", summary: "SUSE Bug 1117963 for CVE-2018-8784", url: "https://bugzilla.suse.com/1117963", }, { category: "external", summary: "SUSE Bug 1131873 for CVE-2018-8784", url: "https://bugzilla.suse.com/1131873", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-03-04T16:42:27Z", details: "important", }, ], title: "CVE-2018-8784", }, { cve: "CVE-2018-8785", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-8785", }, ], notes: [ { category: "general", text: "FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-8785", url: "https://www.suse.com/security/cve/CVE-2018-8785", }, { category: "external", summary: "SUSE Bug 1117963 for CVE-2018-8785", url: "https://bugzilla.suse.com/1117963", }, { category: "external", summary: "SUSE Bug 1117967 for CVE-2018-8785", url: "https://bugzilla.suse.com/1117967", }, { category: "external", summary: "SUSE Bug 1131873 for CVE-2018-8785", url: "https://bugzilla.suse.com/1131873", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-03-04T16:42:27Z", details: "important", }, ], title: "CVE-2018-8785", }, { cve: "CVE-2018-8786", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-8786", }, ], notes: [ { category: "general", text: "FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-8786", url: "https://www.suse.com/security/cve/CVE-2018-8786", }, { category: "external", summary: "SUSE Bug 1116708 for CVE-2018-8786", url: "https://bugzilla.suse.com/1116708", }, { category: "external", summary: "SUSE Bug 1117963 for CVE-2018-8786", url: "https://bugzilla.suse.com/1117963", }, { category: "external", summary: "SUSE Bug 1117966 for CVE-2018-8786", url: "https://bugzilla.suse.com/1117966", }, { category: "external", summary: "SUSE Bug 1131873 for CVE-2018-8786", url: "https://bugzilla.suse.com/1131873", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-03-04T16:42:27Z", details: "important", }, ], title: "CVE-2018-8786", }, { cve: "CVE-2018-8787", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-8787", }, ], notes: [ { category: "general", text: "FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a remote code execution.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-8787", url: "https://www.suse.com/security/cve/CVE-2018-8787", }, { category: "external", summary: "SUSE Bug 1116708 for CVE-2018-8787", url: "https://bugzilla.suse.com/1116708", }, { category: "external", summary: "SUSE Bug 1117963 for CVE-2018-8787", url: "https://bugzilla.suse.com/1117963", }, { category: "external", summary: "SUSE Bug 1117964 for CVE-2018-8787", url: "https://bugzilla.suse.com/1117964", }, { category: "external", summary: "SUSE Bug 1131873 for CVE-2018-8787", url: "https://bugzilla.suse.com/1131873", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-03-04T16:42:27Z", details: "important", }, ], title: "CVE-2018-8787", }, { cve: "CVE-2018-8788", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-8788", }, ], notes: [ { category: "general", text: "FreeRDP prior to version 2.0.0-rc4 contains an Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that results in a memory corruption and possibly even a remote code execution.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-8788", url: "https://www.suse.com/security/cve/CVE-2018-8788", }, { category: "external", summary: "SUSE Bug 1116708 for CVE-2018-8788", url: "https://bugzilla.suse.com/1116708", }, { category: "external", summary: "SUSE Bug 1117963 for CVE-2018-8788", url: "https://bugzilla.suse.com/1117963", }, { category: "external", summary: "SUSE Bug 1131873 for CVE-2018-8788", url: "https://bugzilla.suse.com/1131873", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-03-04T16:42:27Z", details: "important", }, ], title: "CVE-2018-8788", }, { cve: "CVE-2018-8789", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-8789", }, ], notes: [ { category: "general", text: "FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in the NTLM Authentication module that results in a Denial of Service (segfault).", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-8789", url: "https://www.suse.com/security/cve/CVE-2018-8789", }, { category: "external", summary: "SUSE Bug 1117963 for CVE-2018-8789", url: "https://bugzilla.suse.com/1117963", }, { category: "external", summary: "SUSE Bug 1117965 for CVE-2018-8789", url: "https://bugzilla.suse.com/1117965", }, { category: "external", summary: "SUSE Bug 1131873 for CVE-2018-8789", url: "https://bugzilla.suse.com/1131873", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.3.1.x86_64", "SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.3.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2019-03-04T16:42:27Z", details: "moderate", }, ], title: "CVE-2018-8789", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.