Amazon Linux 2 Security Advisory: ALAS-2023-2269
Advisory Release Date: 2023-09-27 22:48 Pacific
Advisory Updated Date: 2023-10-05 22:02 Pacific
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects clients only. An integer underflow leads to a DoS (e.g. an abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided and proper length validation is not performed, an integer underflow occurs, leading to a Denial of Service (DoS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. (CVE-2023-39350)
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a NULL pointer dereference leading to a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for numTiles entries. If the initialization of the tiles is not completed for any reason, some tiles will hold a NULL pointer, which may be accessed in further processing and cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. (CVE-2023-39351)
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result crafted input can lead to an out of bounds read access which in turn will cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. (CVE-2023-39353)
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. (CVE-2023-39354)
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->numRectangles` without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. (CVE-2023-39356)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8 (CVE-2023-40181)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v (CVE-2023-40186)
NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq (CVE-2023-40188)
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. (CVE-2023-40567)
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. (CVE-2023-40569)
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. (CVE-2023-40589)
Affected Packages:
freerdp
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update freerdp to update your system.
aarch64:
freerdp-2.11.1-1.amzn2.0.1.aarch64
freerdp-libs-2.11.1-1.amzn2.0.1.aarch64
freerdp-devel-2.11.1-1.amzn2.0.1.aarch64
libwinpr-2.11.1-1.amzn2.0.1.aarch64
libwinpr-devel-2.11.1-1.amzn2.0.1.aarch64
freerdp-debuginfo-2.11.1-1.amzn2.0.1.aarch64
i686:
freerdp-2.11.1-1.amzn2.0.1.i686
freerdp-libs-2.11.1-1.amzn2.0.1.i686
freerdp-devel-2.11.1-1.amzn2.0.1.i686
libwinpr-2.11.1-1.amzn2.0.1.i686
libwinpr-devel-2.11.1-1.amzn2.0.1.i686
freerdp-debuginfo-2.11.1-1.amzn2.0.1.i686
src:
freerdp-2.11.1-1.amzn2.0.1.src
x86_64:
freerdp-2.11.1-1.amzn2.0.1.x86_64
freerdp-libs-2.11.1-1.amzn2.0.1.x86_64
freerdp-devel-2.11.1-1.amzn2.0.1.x86_64
libwinpr-2.11.1-1.amzn2.0.1.x86_64
libwinpr-devel-2.11.1-1.amzn2.0.1.x86_64
freerdp-debuginfo-2.11.1-1.amzn2.0.1.x86_64
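An added check script, not part of this advisory or of FreeRDP: it reports whether the freerdp package installed on an AL2 host is at or above the fixed build listed above (version-release 2.11.1-1.amzn2.0.1). It assumes an rpm-based host; the version comparison is a simplified form of rpm's rules (digit runs compared numerically, other segments as plain strings).

```shell
#!/bin/sh
# Added example, not part of the advisory: report whether the freerdp package
# installed on an Amazon Linux 2 host is at or above the fixed build listed
# above. Assumes an rpm-based host; the comparison is a simplified form of
# rpm's rules (digit runs compared numerically, other segments as strings).

FIXED_VR="2.11.1-1.amzn2.0.1"   # version-release of the fixed freerdp package

# vr_cmp A B: print -1, 0 or 1 as A sorts before, equal to or after B.
vr_cmp() {
    a=$(printf '%s' "$1" | tr -c '[:alnum:]' ' ')
    b=$(printf '%s' "$2" | tr -c '[:alnum:]' ' ')
    set -- $b                      # positional params now hold B's segments
    for sa in $a; do
        [ $# -eq 0 ] && { printf '%s\n' 1; return; }   # A has extra segments: newer
        sb=$1; shift
        [ "$sa" = "$sb" ] && continue
        case "$sa$sb" in
            *[!0-9]*)              # non-numeric segment: plain string order
                lo=$(printf '%s\n%s\n' "$sa" "$sb" | sort | head -n 1)
                [ "$lo" = "$sa" ] && printf '%s\n' -1 || printf '%s\n' 1
                return ;;
            *)                     # both numeric: compare as integers
                [ "$sa" -gt "$sb" ] && printf '%s\n' 1 || printf '%s\n' -1
                return ;;
        esac
    done
    [ $# -gt 0 ] && printf '%s\n' -1 || printf '%s\n' 0   # B has extra segments: A older
}

# is_fixed VR: exit 0 when version-release VR is at or above FIXED_VR.
is_fixed() {
    [ "$(vr_cmp "$1" "$FIXED_VR")" != "-1" ]
}

# check_host: query rpm and report; exit 2 when the host still needs the update.
check_host() {
    if ! vr=$(rpm -q --queryformat '%{VERSION}-%{RELEASE}' freerdp 2>/dev/null); then
        echo "freerdp is not installed; ALAS-2023-2269 does not apply"
        return 0
    fi
    if is_fixed "$vr"; then
        echo "freerdp-$vr is at or above $FIXED_VR: fixed"
    else
        echo "freerdp-$vr is below $FIXED_VR: run 'yum update freerdp'"
        return 2
    fi
}

if [ "${1:-}" = "--check-host" ]; then check_host; fi
```

Run it with `--check-host` on the host to be verified; a non-zero exit code of 2 means the update is still outstanding.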