jeans/motioneyeos
jeans/motioneyeos
1
0
Fork 0
mirror of https://github.com/motioneye-project/motioneyeos.git synced 2025-07-24 11:46:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

package/freerdp: security bump to version 2.0.0-rc4

Browse Source 
Fixes the following security issues:

- CVE-2018-8785: FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based
  Buffer Overflow in function zgfx_decompress() that results in a memory
  corruption and probably even a remote code execution.

- CVE-2018-8786: FreeRDP prior to version 2.0.0-rc4 contains an Integer
  Truncation that leads to a Heap-Based Buffer Overflow in function
  update_read_bitmap_update() and results in a memory corruption and
  probably even a remote code execution.

- CVE-2018-8787: FreeRDP prior to version 2.0.0-rc4 contains an Integer
  Overflow that leads to a Heap-Based Buffer Overflow in function
  gdi_Bitmap_Decompress() and results in a memory corruption and probably
  even a remote code execution.

- CVE-2018-8788: FreeRDP prior to version 2.0.0-rc4 contains an
  Out-Of-Bounds Write of up to 4 bytes in function nsc_rle_decode() that
  results in a memory corruption and possibly even a remote code execution.

- CVE-2018-8789: FreeRDP prior to version 2.0.0-rc4 contains several
  Out-Of-Bounds Reads in the NTLM Authentication module that results in a
  Denial of Service (segfault).

For details, see the upstream PR:
https://github.com/FreeRDP/FreeRDP/pull/5031

Add support to set tls security level (for openssl >= 1.1.0), for RDP
protocol version 10 (needed for windows 10 and windows server
2016). Also have some fix and features, see
e21b72c95f

Signed-off-by: Alexey Lukyanchuk <skif@skif-web.ru>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 1e91d89bf1fd8d1a7b4ad18b61925dc5c2631f21)
[Peter: mention security fixes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Alexey Lukyanchuk 2019-04-07 22:06:29 +03:00 committed by Peter Korsgaard
parent 38ee47cc9c
commit 942da943f3
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/freerdp/freerdp.hash
View File

@ -1,3 +1,3 @@
# Locally calculated
sha256 a09e338b996fada44bf1277f423240d0fa82289799e2e5dea9d9c63201554de1 freerdp-2.0.0-rc2.tar.gz
sha256 3406f3bfab63f81c1533029a5bf73949ff60f22f6e155c5a08005b8b8afe6d49 freerdp-2.0.0-rc4.tar.gz
sha256 cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30 LICENSE

2
package/freerdp/freerdp.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
FREERDP_VERSION = 2.0.0-rc2
FREERDP_VERSION = 2.0.0-rc4
FREERDP_SITE = $(call github,FreeRDP,FreeRDP,$(FREERDP_VERSION))
FREERDP_DEPENDENCIES = libglib2 openssl zlib
FREERDP_LICENSE = Apache-2.0