jiachao2130/cvrf2cusa
1
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d1132d88d2
cvrf2cusa/cvrf/2021/cvrf-openEuler-SA-2021-1008.xml
Jia Chao 0b34274085 git mv 
Signed-off-by: Jia Chao <jiac13@chinaunicom.cn>
2024-07-25 09:57:37 +08:00

464 lines
23 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<cvrfdoc xmlns="http://www.icasi.org/CVRF/schema/cvrf/1.1" xmlns:cvrf="http://www.icasi.org/CVRF/schema/cvrf/1.1">
<DocumentTitle xml:lang="en">An update for freerdp is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1</DocumentTitle>
<DocumentType>Security Advisory</DocumentType>
<DocumentPublisher Type="Vendor">
<ContactDetails>openeuler-security@openeuler.org</ContactDetails>
<IssuingAuthority>openEuler security committee</IssuingAuthority>
</DocumentPublisher>
<DocumentTracking>
<Identification>
<ID>openEuler-SA-2021-1008</ID>
</Identification>
<Status>Final</Status>
<Version>1.0</Version>
<RevisionHistory>
<Revision>
<Number>1.0</Number>
<Date>2021-02-04</Date>
<Description>Initial</Description>
</Revision>
</RevisionHistory>
<InitialReleaseDate>2021-02-04</InitialReleaseDate>
<CurrentReleaseDate>2021-02-04</CurrentReleaseDate>
<Generator>
<Engine>openEuler SA Tool V1.0</Engine>
<Date>2021-02-04</Date>
</Generator>
</DocumentTracking>
<DocumentNotes>
<Note Title="Synopsis" Type="General" Ordinal="1" xml:lang="en">freerdp security update</Note>
<Note Title="Summary" Type="General" Ordinal="2" xml:lang="en">An update for freerdp is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1.</Note>
<Note Title="Description" Type="General" Ordinal="3" xml:lang="en">FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp and wlfreerdp.\r\n\r\n
Security Fix(es):\r\n\r\n
libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.(CVE-2020-11526)\r\n\r\n
In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0.(CVE-2020-11044)\r\n\r\n
In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0.(CVE-2020-11042)\r\n\r\n
In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.(CVE-2020-11095)\r\n\r\n
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. The result displayed on screen as colour.(CVE-2020-11045)\r\n\r\n
libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read.(CVE-2020-11522)\r\n\r\n
libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.(CVE-2020-11524)\r\n\r\n
libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.(CVE-2020-11521)\r\n\r\n
libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read.(CVE-2020-11525)\r\n\r\n
libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.(CVE-2020-11521)\r\n\r\n
libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.(CVE-2019-17177)\r\n\r\n</Note>
<Note Title="Topic" Type="General" Ordinal="4" xml:lang="en">An update for freerdp is now available for openEuler-20.03-LTS and openEuler-20.03-LTS-SP1.\r\n\r\n
openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.</Note>
<Note Title="Severity" Type="General" Ordinal="5" xml:lang="en">Medium</Note>
<Note Title="Affected Component" Type="General" Ordinal="6" xml:lang="en">freerdp</Note>
</DocumentNotes>
<DocumentReferences>
<Reference Type="Self">
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1008</URL>
</Reference>
<Reference Type="openEuler CVE">
<URL>https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-11526</URL>
<URL>https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-11044</URL>
<URL>https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-11042</URL>
<URL>https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-11095</URL>
<URL>https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-11045</URL>
<URL>https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-11522</URL>
<URL>https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-11524</URL>
<URL>https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-11521</URL>
<URL>https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-11525</URL>
<URL>https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-11523</URL>
<URL>https://openeuler.org/en/security/cve/detail.html?id=CVE-2019-17177</URL>
</Reference>
<Reference Type="Other">
<URL>https://nvd.nist.gov/vuln/detail/CVE-2020-11526</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2020-11044</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2020-11042</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2020-11095</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2020-11045</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2020-11522</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2020-11524</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2020-11521</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2020-11525</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2020-11523</URL>
<URL>https://nvd.nist.gov/vuln/detail/CVE-2019-17177</URL>
</Reference>
</DocumentReferences>
<ProductTree xmlns="http://www.icasi.org/CVRF/schema/prod/1.1">
<Branch Type="Product Name" Name="openEuler">
<FullProductName ProductID="openEuler-20.03-LTS" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">openEuler-20.03-LTS</FullProductName>
<FullProductName ProductID="openEuler-20.03-LTS-SP1" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">openEuler-20.03-LTS-SP1</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="aarch64">
<FullProductName ProductID="freerdp-debugsource-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">freerdp-debugsource-2.2.0-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libwinpr-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">libwinpr-2.2.0-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="freerdp-help-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">freerdp-help-2.2.0-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="freerdp-debuginfo-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">freerdp-debuginfo-2.2.0-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libwinpr-devel-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">libwinpr-devel-2.2.0-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="freerdp-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">freerdp-2.2.0-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="freerdp-devel-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">freerdp-devel-2.2.0-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="freerdp-debugsource-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">freerdp-debugsource-2.2.0-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libwinpr-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libwinpr-2.2.0-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="freerdp-help-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">freerdp-help-2.2.0-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="freerdp-debuginfo-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">freerdp-debuginfo-2.2.0-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="libwinpr-devel-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libwinpr-devel-2.2.0-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="freerdp-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">freerdp-2.2.0-2.oe1.aarch64.rpm</FullProductName>
<FullProductName ProductID="freerdp-devel-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">freerdp-devel-2.2.0-2.oe1.aarch64.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="src">
<FullProductName ProductID="freerdp-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">freerdp-2.2.0-2.oe1.src.rpm</FullProductName>
<FullProductName ProductID="freerdp-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">freerdp-2.2.0-2.oe1.src.rpm</FullProductName>
</Branch>
<Branch Type="Package Arch" Name="x86_64">
<FullProductName ProductID="libwinpr-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">libwinpr-2.2.0-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libwinpr-devel-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">libwinpr-devel-2.2.0-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="freerdp-devel-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">freerdp-devel-2.2.0-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="freerdp-help-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">freerdp-help-2.2.0-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="freerdp-debuginfo-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">freerdp-debuginfo-2.2.0-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="freerdp-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">freerdp-2.2.0-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="freerdp-debugsource-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS">freerdp-debugsource-2.2.0-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libwinpr-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libwinpr-2.2.0-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="libwinpr-devel-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">libwinpr-devel-2.2.0-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="freerdp-devel-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">freerdp-devel-2.2.0-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="freerdp-help-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">freerdp-help-2.2.0-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="freerdp-debuginfo-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">freerdp-debuginfo-2.2.0-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="freerdp-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">freerdp-2.2.0-2.oe1.x86_64.rpm</FullProductName>
<FullProductName ProductID="freerdp-debugsource-2.2.0-2" CPE="cpe:/a:openEuler:openEuler:20.03-LTS-SP1">freerdp-debugsource-2.2.0-2.oe1.x86_64.rpm</FullProductName>
</Branch>
</ProductTree>
<Vulnerability Ordinal="1" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="1" xml:lang="en">libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.</Note>
</Notes>
<ReleaseDate>2021-02-04</ReleaseDate>
<CVE>CVE-2020-11526</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS</ProductID>
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Low</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>2.2</BaseScore>
<Vector>AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>freerdp security update</Description>
<DATE>2021-02-04</DATE>
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1008</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="2" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="2" xml:lang="en">In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0.</Note>
</Notes>
<ReleaseDate>2021-02-04</ReleaseDate>
<CVE>CVE-2020-11044</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS</ProductID>
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Low</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>2.2</BaseScore>
<Vector>AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>freerdp security update</Description>
<DATE>2021-02-04</DATE>
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1008</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="3" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="3" xml:lang="en">In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0.</Note>
</Notes>
<ReleaseDate>2021-02-04</ReleaseDate>
<CVE>CVE-2020-11042</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS</ProductID>
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>5.9</BaseScore>
<Vector>AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>freerdp security update</Description>
<DATE>2021-02-04</DATE>
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1008</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="4" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="4" xml:lang="en">In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.</Note>
</Notes>
<ReleaseDate>2021-02-04</ReleaseDate>
<CVE>CVE-2020-11095</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS</ProductID>
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>5.4</BaseScore>
<Vector>AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>freerdp security update</Description>
<DATE>2021-02-04</DATE>
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1008</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="5" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="5" xml:lang="en">In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. The result displayed on screen as colour.</Note>
</Notes>
<ReleaseDate>2021-02-04</ReleaseDate>
<CVE>CVE-2020-11045</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS</ProductID>
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Low</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>3.3</BaseScore>
<Vector>AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>freerdp security update</Description>
<DATE>2021-02-04</DATE>
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1008</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="6" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="5" xml:lang="en">libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read.</Note>
</Notes>
<ReleaseDate>2021-02-04</ReleaseDate>
<CVE>CVE-2020-11522</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS</ProductID>
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>6.5</BaseScore>
<Vector>AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>freerdp security update</Description>
<DATE>2021-02-04</DATE>
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1008</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="7" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="5" xml:lang="en">libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.</Note>
</Notes>
<ReleaseDate>2021-02-04</ReleaseDate>
<CVE>CVE-2020-11524</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS</ProductID>
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>6.6</BaseScore>
<Vector>AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>freerdp security update</Description>
<DATE>2021-02-04</DATE>
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1008</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="8" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="5" xml:lang="en">libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow.</Note>
</Notes>
<ReleaseDate>2021-02-04</ReleaseDate>
<CVE>CVE-2020-11523</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS</ProductID>
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>6.6</BaseScore>
<Vector>AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>freerdp security update</Description>
<DATE>2021-02-04</DATE>
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1008</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="9" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="5" xml:lang="en">libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read.</Note>
</Notes>
<ReleaseDate>2021-02-04</ReleaseDate>
<CVE>CVE-2020-11525</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS</ProductID>
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Low</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>2.2</BaseScore>
<Vector>AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>freerdp security update</Description>
<DATE>2021-02-04</DATE>
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1008</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="10" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="5" xml:lang="en">libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.</Note>
</Notes>
<ReleaseDate>2021-02-04</ReleaseDate>
<CVE>CVE-2020-11521</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS</ProductID>
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>Medium</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>6.6</BaseScore>
<Vector>AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>freerdp security update</Description>
<DATE>2021-02-04</DATE>
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1008</URL>
</Remediation>
</Remediations>
</Vulnerability>
<Vulnerability Ordinal="11" xmlns="http://www.icasi.org/CVRF/schema/vuln/1.1">
<Notes>
<Note Title="Vulnerability Description" Type="General" Ordinal="5" xml:lang="en">libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value.</Note>
</Notes>
<ReleaseDate>2021-02-04</ReleaseDate>
<CVE>CVE-2019-17177</CVE>
<ProductStatuses>
<Status Type="Fixed">
<ProductID>openEuler-20.03-LTS</ProductID>
<ProductID>openEuler-20.03-LTS-SP1</ProductID>
</Status>
</ProductStatuses>
<Threats>
<Threat Type="Impact">
<Description>High</Description>
</Threat>
</Threats>
<CVSSScoreSets>
<ScoreSet>
<BaseScore>7.5</BaseScore>
<Vector>AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H</Vector>
</ScoreSet>
</CVSSScoreSets>
<Remediations>
<Remediation Type="Vendor Fix">
<Description>freerdp security update</Description>
<DATE>2021-02-04</DATE>
<URL>https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1008</URL>
</Remediation>
</Remediations>
</Vulnerability>
</cvrfdoc>
Reference in New Issue View Git Blame Copy Permalink