{"affected":[{"ecosystem_specific":{"binaries":[{"freerdp":"2.0.0~rc4-3.3.1","freerdp-devel":"2.0.0~rc4-3.3.1","libfreerdp2":"2.0.0~rc4-3.3.1","libwinpr2":"2.0.0~rc4-3.3.1","winpr2-devel":"2.0.0~rc4-3.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15","name":"freerdp","purl":"pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.0.0~rc4-3.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for freerdp to version 2.0.0~rc4 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-0886: Fix a remote code execution vulnerability (CredSSP) (bsc#1085416, bsc#1087240, bsc#1104918)\n- CVE-2018-8789: Fix several denial of service vulnerabilities in the in the NTLM Authentication module (bsc#1117965)\n- CVE-2018-8785: Fix a potential remote code execution vulnerability in the zgfx_decompress function (bsc#1117967)\n- CVE-2018-8786: Fix a potential remote code execution vulnerability in the update_read_bitmap_update function (bsc#1117966)\n- CVE-2018-8787: Fix a potential remote code execution vulnerability in the gdi_Bitmap_Decompress function (bsc#1117964)\n- CVE-2018-8788: Fix a potential remote code execution vulnerability in the nsc_rle_decode function (bsc#1117963)\n- CVE-2018-8784: Fix a potential remote code execution vulnerability in the zgfx_decompress_segment function (bsc#1116708)\n- CVE-2018-1000852: Fixed a remote memory access in the drdynvc_process_capability_request function (bsc#1120507)\n\nOther issues:\n\n- Upgraded to version 2.0.0-rc4 (FATE#326739)\n- Security and stability improvements, including bsc#1103557 and bsc#1112028\n- gateway: multiple fixes and improvements\n- client/X11: support for rail (remote app) icons was added\n- The licensing code was re-worked: Per-device licenses are now saved on the\n  client and used on re-connect:        \n      WARNING: this is a change in FreeRDP behavior regarding licensing. If the old\n      behavior is required, or no licenses should be saved use the\n      new command line option +old-license (gh#/FreeRDP/FreeRDP#4979)\n- Improved order handling -  only orders that were enable  during capability exchange are accepted.\n      WARNING and NOTE: some servers do improperly send orders that weren't negotiated,\n      for such cases the new command line option /relax-order-checks was added to\n      disable the strict order checking. If connecting to xrdp the options\n      /relax-order-checks *and* +glyph-cache are required. (gh#/FreeRDP/FreeRDP#4926)\n- Fixed automount issues\n- Fixed several audio and microphone related issues\n- Fixed X11 Right-Ctrl ungrab feature\n- Fixed race condition in rdpsnd channel server.\n- Disabled SSE2 for ARM and powerpc\n","id":"SUSE-SU-2019:0539-1","modified":"2019-03-04T16:42:27Z","published":"2019-03-04T16:42:27Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20190539-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1085416"},{"type":"REPORT","url":"https://bugzilla.suse.com/1087240"},{"type":"REPORT","url":"https://bugzilla.suse.com/1103557"},{"type":"REPORT","url":"https://bugzilla.suse.com/1104918"},{"type":"REPORT","url":"https://bugzilla.suse.com/1112028"},{"type":"REPORT","url":"https://bugzilla.suse.com/1116708"},{"type":"REPORT","url":"https://bugzilla.suse.com/1117963"},{"type":"REPORT","url":"https://bugzilla.suse.com/1117964"},{"type":"REPORT","url":"https://bugzilla.suse.com/1117965"},{"type":"REPORT","url":"https://bugzilla.suse.com/1117966"},{"type":"REPORT","url":"https://bugzilla.suse.com/1117967"},{"type":"REPORT","url":"https://bugzilla.suse.com/1120507"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-0886"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1000852"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-8784"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-8785"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-8786"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-8787"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-8788"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-8789"}],"related":["CVE-2018-0886","CVE-2018-1000852","CVE-2018-8784","CVE-2018-8785","CVE-2018-8786","CVE-2018-8787","CVE-2018-8788","CVE-2018-8789"],"summary":"Security update for freerdp","upstream":["CVE-2018-0886","CVE-2018-1000852","CVE-2018-8784","CVE-2018-8785","CVE-2018-8786","CVE-2018-8787","CVE-2018-8788","CVE-2018-8789"]}