====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN368
_____________________________________________________________________

DATE                : 29/06/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running FreeRDP versions prior to 2.1.2.

=====================================================================
http://www.freerdp.com/2020/06/22/2_1_2-released
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8
_____________________________________________________________________


2.1.2 released

We are happy to announce that 2.1.2 is released.

2.1.2 is mainly a security and bug fix release that addresses multiple
security issues indentified by Antonio Morales from GitHub Security Lab
(GHSL). If you are using any earlier version of FreeRDP we recommend
updating to 2.1.2. The security advisories will be published on the
FreeRDP security advisory page on GitHub.

As usual the tar archive can be found on
https://pub.freerdp.com/releases/ and here is the link to the GitHub
release page

Since 2.1.1 there have been around 60 commits, from about 11 individual
contributors. Thank you all for your support!.

Besides the mentioned fixes there are also some stability and other
improvements. If you are interested in in the changes since 2.1.1 have a
look at the Changelog respectively the GitHub milestone or use git log
for a detailed list.

_____________________________________________________________________


OOB read in `TrioParse`
akallabeth published GHSA-fjr5-97f5-qq98 Jun 22, 2020

Severity
    low

Packages

    FreeRDP

Affected versions
    <= 2.1.1

Patched versions
    2.1.2

CVE identifier
    CVE-2020-4030

Impact

    All clients and servers
    Logging might bypass string length checks due to an integer overflow

Patches
Workarounds

None
References

GHSL-2020-106


_____________________________________________________________________


Integer casting vulnerability in `update_recv_secondary_order`
akallabeth published GHSA-3898-mc89-x2vc Jun 22, 2020

Severity
    low

Packages

    FreeRDP

Affected versions
    <= 2.1.1

Patched versions
    2.1.2

CVE identifier
    CVE-2020-4032

Impact

    All clients with +glyph-cache /relax-order-checks

Patches

Has the problem been patched? What versions should users upgrade to?

Workarounds

Do not use /relax-order-checks or +glyph-cache
References

GHSL-2020-125


_____________________________________________________________________


Use-After-Free in gdi_SelectObject
akallabeth published GHSA-gwcq-hpq2-m74g Jun 22, 2020

Severity
    moderate

Packages

    FreeRDP

Affected versions
    <= 2.1.1

Patched versions
    2.1.2

CVE identifier
    CVE-2020-4031

Impact

    All FreeRDP based clients using compatibility mode with
/relax-order-checks
    Crash due to double free

Workarounds

Do not use /relax-order-checks


References

GHSL-2020-129


_____________________________________________________________________


OOB Read in RLEDECOMPRESS
akallabeth published GHSA-7rhj-856w-82p8 Jun 22, 2020

Severity
    low

Packages

    FreeRDP

Affected versions
    <= 2.1.1

Patched versions
    2.1.2

CVE identifier
    CVE-2020-4033

Impact

    All FreeRDP based clients with sessions with color depth < 32
    Out of bound read of up to 4 bytes

Workarounds

Connect using /bpp:32


References

GHSL-2020-128



=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================