Amazon ALAS2-2019-1365

Low: freerdp

2019-11-19 17:52:00
alas.aws.amazon.com

CVSS2: 6.4 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

AI Score: 7.8 High (Confidence: High)

EPSS: 0.003 Low (Percentile: 70.6%)

Issue Overview:

FreeRDP 2.0.0-rc3, in released versions before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3, contains a vulnerability (classified as Other/Unknown) in the function drdynvc_process_capability_request in channels/drdynvc/client/drdynvc_main.c that can result in the RDP server reading the client's memory… The attack appears to be exploitable when the RDP client connects to the RDP server with the echo option. The vulnerability appears to have been fixed after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3. (CVE-2018-1000852)

Affected Packages:

freerdp

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update freerdp to update your system.

New Packages:

aarch64:  
    freerdp-2.0.0-1.rc4.amzn2.aarch64  
    freerdp-libs-2.0.0-1.rc4.amzn2.aarch64  
    freerdp-devel-2.0.0-1.rc4.amzn2.aarch64  
    libwinpr-2.0.0-1.rc4.amzn2.aarch64  
    libwinpr-devel-2.0.0-1.rc4.amzn2.aarch64  
    freerdp-debuginfo-2.0.0-1.rc4.amzn2.aarch64  
  
i686:  
    freerdp-2.0.0-1.rc4.amzn2.i686  
    freerdp-libs-2.0.0-1.rc4.amzn2.i686  
    freerdp-devel-2.0.0-1.rc4.amzn2.i686  
    libwinpr-2.0.0-1.rc4.amzn2.i686  
    libwinpr-devel-2.0.0-1.rc4.amzn2.i686  
    freerdp-debuginfo-2.0.0-1.rc4.amzn2.i686  
  
src:  
    freerdp-2.0.0-1.rc4.amzn2.src  
  
x86_64:  
    freerdp-2.0.0-1.rc4.amzn2.x86_64  
    freerdp-libs-2.0.0-1.rc4.amzn2.x86_64  
    freerdp-devel-2.0.0-1.rc4.amzn2.x86_64  
    libwinpr-2.0.0-1.rc4.amzn2.x86_64  
    libwinpr-devel-2.0.0-1.rc4.amzn2.x86_64  
    freerdp-debuginfo-2.0.0-1.rc4.amzn2.x86_64  

Additional References

Red Hat: CVE-2018-1000852

Mitre: CVE-2018-1000852
