168 lines
6.5 KiB
JSON
168 lines
6.5 KiB
JSON
{
|
||
"Definition": [
|
||
{
|
||
"ID": "oval:org.altlinux.errata:def:20202442",
|
||
"Version": "oval:org.altlinux.errata:def:20202442",
|
||
"Class": "patch",
|
||
"Metadata": {
|
||
"Title": "ALT-PU-2020-2442: package `freerdp` update to version 2.2.0-alt1",
|
||
"AffectedList": [
|
||
{
|
||
"Family": "unix",
|
||
"Platforms": [
|
||
"ALT Linux branch p9"
|
||
],
|
||
"Products": [
|
||
"ALT Server",
|
||
"ALT Virtualization Server",
|
||
"ALT Workstation",
|
||
"ALT Workstation K",
|
||
"ALT Education",
|
||
"Simply Linux",
|
||
"Starterkit"
|
||
]
|
||
}
|
||
],
|
||
"References": [
|
||
{
|
||
"RefID": "ALT-PU-2020-2442",
|
||
"RefURL": "https://errata.altlinux.org/ALT-PU-2020-2442",
|
||
"Source": "ALTPU"
|
||
},
|
||
{
|
||
"RefID": "BDU:2021-01409",
|
||
"RefURL": "https://bdu.fstec.ru/vul/2021-01409",
|
||
"Source": "BDU"
|
||
},
|
||
{
|
||
"RefID": "CVE-2020-15103",
|
||
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2020-15103",
|
||
"Source": "CVE"
|
||
}
|
||
],
|
||
"Description": "This update upgrades freerdp to version 2.2.0-alt1. \nSecurity Fix(es):\n\n * BDU:2021-01409: Уязвимость канала rdpegfx реализации протокола удалённого рабочего стола FreeRDP, связанная с недостатком механизма проверки вводимых данных, позволяющая нарушителю вызвать отказ в обслуживании\n\n * CVE-2020-15103: In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto",
|
||
"Advisory": {
|
||
"From": "errata.altlinux.org",
|
||
"Severity": "Low",
|
||
"Rights": "Copyright 2024 BaseALT Ltd.",
|
||
"Issued": {
|
||
"Date": "2020-07-23"
|
||
},
|
||
"Updated": {
|
||
"Date": "2020-07-23"
|
||
},
|
||
"BDUs": [
|
||
{
|
||
"ID": "BDU:2021-01409",
|
||
"CVSS": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
|
||
"CWE": "CWE-20, CWE-680",
|
||
"Href": "https://bdu.fstec.ru/vul/2021-01409",
|
||
"Impact": "Low",
|
||
"Public": "20200721"
|
||
}
|
||
],
|
||
"CVEs": [
|
||
{
|
||
"ID": "CVE-2020-15103",
|
||
"CVSS": "AV:N/AC:M/Au:S/C:N/I:N/A:P",
|
||
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
|
||
"CWE": "CWE-680",
|
||
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2020-15103",
|
||
"Impact": "Low",
|
||
"Public": "20200727"
|
||
}
|
||
],
|
||
"AffectedCPEs": {
|
||
"CPEs": [
|
||
"cpe:/o:alt:kworkstation:9",
|
||
"cpe:/o:alt:workstation:9",
|
||
"cpe:/o:alt:server:9",
|
||
"cpe:/o:alt:server-v:9",
|
||
"cpe:/o:alt:education:9",
|
||
"cpe:/o:alt:slinux:9",
|
||
"cpe:/o:alt:starterkit:p9",
|
||
"cpe:/o:alt:kworkstation:9.1",
|
||
"cpe:/o:alt:workstation:9.1",
|
||
"cpe:/o:alt:server:9.1",
|
||
"cpe:/o:alt:server-v:9.1",
|
||
"cpe:/o:alt:education:9.1",
|
||
"cpe:/o:alt:slinux:9.1",
|
||
"cpe:/o:alt:starterkit:9.1",
|
||
"cpe:/o:alt:kworkstation:9.2",
|
||
"cpe:/o:alt:workstation:9.2",
|
||
"cpe:/o:alt:server:9.2",
|
||
"cpe:/o:alt:server-v:9.2",
|
||
"cpe:/o:alt:education:9.2",
|
||
"cpe:/o:alt:slinux:9.2",
|
||
"cpe:/o:alt:starterkit:9.2"
|
||
]
|
||
}
|
||
}
|
||
},
|
||
"Criteria": {
|
||
"Operator": "AND",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:1001",
|
||
"Comment": "ALT Linux must be installed"
|
||
}
|
||
],
|
||
"Criterias": [
|
||
{
|
||
"Operator": "OR",
|
||
"Criterions": [
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20202442001",
|
||
"Comment": "freerdp is earlier than 0:2.2.0-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20202442002",
|
||
"Comment": "freerdp-plugins-standard is earlier than 0:2.2.0-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20202442003",
|
||
"Comment": "freerdp-server is earlier than 0:2.2.0-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20202442004",
|
||
"Comment": "libfreerdp is earlier than 0:2.2.0-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20202442005",
|
||
"Comment": "libfreerdp-devel is earlier than 0:2.2.0-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20202442006",
|
||
"Comment": "libfreerdp-server is earlier than 0:2.2.0-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20202442007",
|
||
"Comment": "libuwac is earlier than 0:2.2.0-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20202442008",
|
||
"Comment": "libuwac-devel is earlier than 0:2.2.0-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20202442009",
|
||
"Comment": "libwinpr is earlier than 0:2.2.0-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20202442010",
|
||
"Comment": "libwinpr-devel is earlier than 0:2.2.0-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20202442011",
|
||
"Comment": "wlfreerdp is earlier than 0:2.2.0-alt1"
|
||
},
|
||
{
|
||
"TestRef": "oval:org.altlinux.errata:tst:20202442012",
|
||
"Comment": "xfreerdp is earlier than 0:2.2.0-alt1"
|
||
}
|
||
]
|
||
}
|
||
]
|
||
}
|
||
}
|
||
]
|
||
} |