Bug 1085416 - (CVE-2018-0886) FreeRDP/Remmina can not connect to Windows 7-10 with March 2018 updates
(CVE-2018-0886)
FreeRDP/Remmina can not connect to Windows 7-10 with March 2018 updates
Status: RESOLVED FIXED
: 1086109 1086546 (view as bug list)
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Other
Leap 42.3
Other Other
: P5 - None : Major (vote)
: ---
Assigned To: Felix Zhang
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-03-15 07:33 UTC by Johannes Weberhofer
Modified: 2020-08-18 19:15 UTC (History)
11 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Weberhofer 2018-03-15 07:33:14 UTC
This issue results on a fix for windows "CredSSP updates for CVE-2018-0886" as described in https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018

Windows 10 (KB4088776)
Windows Server 2016 (KB4088787)
Windows 8.1 (KB4088876)
Windows Server 2012 R2 (KB4088876)
Windows 7 SP1 (KB4088875)
Windows Server 2008 R2 SP1 (KB4088875)

The related FreeRDP/Remmina tickets are:
* https://github.com/FreeRDP/Remmina/issues/1513
* https://github.com/FreeRDP/FreeRDP/issues/4449
Comment 1 Swamp Workflow Management 2018-03-15 09:40:07 UTC
This is an autogenerated message for OBS integration:
This bug (1085416) was mentioned in
https://build.opensuse.org/request/show/587441 42.3 / freerdp
Comment 2 Andreas Stieger 2018-03-15 11:29:07 UTC
In Leap 42.3 this package is inherited from SUSE:SLE-12-SP2:Update/freerdp.
Assume that this affects SLE 12 as well, assigning to SLE bugowner.

That being said, we could fork the package in Leap, even if this is not generally desired. Please let maintenance know.
Comment 3 Martin Pluskal 2018-03-21 13:27:35 UTC
We have submission from community user in https://build.opensuse.org/request/show/589700

I guess that we however want to resolve this for SLE as well
Comment 5 Maciej Szeliga 2018-03-21 13:54:54 UTC
This is quite critical for people working in mixed environments, they are not able to uninstall the Microsoft fix just because Linux can't connect.

KRDC has the same problem but rdesktop is working (but rdesktop has some funny screen issues with Radeon cards).
Comment 6 Johannes Weberhofer 2018-03-21 14:00:36 UTC
rdesktop doesn't use xfreerdp IMHO.
Comment 7 Andreas Stieger 2018-03-21 14:02:34 UTC
we can trigger parallel updates
Comment 8 Andreas Stieger 2018-03-21 14:03:55 UTC
Processed for openSUSE Maintenance. Test update packages will appear in:
http://download.opensuse.org/repositories/openSUSE:/Maintenance:/7928/
http://download.opensuse.org/update/leap/42.3-test/
Comment 10 Wolfgang Bauer 2018-03-21 19:45:50 UTC
*** Bug 1086109 has been marked as a duplicate of this bug. ***
Comment 11 Swamp Workflow Management 2018-03-23 23:07:41 UTC
openSUSE-RU-2018:0791-1: An update that has one recommended fix can now be installed.

Category: recommended (important)
Bug References: 1085416
CVE References: 
Sources used:
openSUSE Leap 42.3 (src):    freerdp-2.0.0~git.1463131968.4e66df7-9.1
Comment 12 Johannes Weberhofer 2018-05-23 10:01:20 UTC
*** Bug 1086546 has been marked as a duplicate of this bug. ***
Comment 15 Swamp Workflow Management 2019-01-21 17:12:15 UTC
SUSE-SU-2019:0134-1: An update that solves 8 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1085416,1087240,1104918,1116708,1117963,1117964,1117965,1117966,1117967,1120507
CVE References: CVE-2018-0886,CVE-2018-1000852,CVE-2018-8784,CVE-2018-8785,CVE-2018-8786,CVE-2018-8787,CVE-2018-8788,CVE-2018-8789
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    freerdp-2.0.0~git.1463131968.4e66df7-12.8.1
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    freerdp-2.0.0~git.1463131968.4e66df7-12.8.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    freerdp-2.0.0~git.1463131968.4e66df7-12.8.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    freerdp-2.0.0~git.1463131968.4e66df7-12.8.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    freerdp-2.0.0~git.1463131968.4e66df7-12.8.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    freerdp-2.0.0~git.1463131968.4e66df7-12.8.1
Comment 16 Swamp Workflow Management 2019-01-29 14:22:08 UTC
openSUSE-SU-2019:0096-1: An update that solves 8 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1085416,1087240,1104918,1116708,1117963,1117964,1117965,1117966,1117967,1120507
CVE References: CVE-2018-0886,CVE-2018-1000852,CVE-2018-8784,CVE-2018-8785,CVE-2018-8786,CVE-2018-8787,CVE-2018-8788,CVE-2018-8789
Sources used:
openSUSE Leap 42.3 (src):    freerdp-2.0.0~git.1463131968.4e66df7-13.1
Comment 17 Swamp Workflow Management 2019-03-04 20:56:51 UTC
SUSE-SU-2019:0539-1: An update that solves 8 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1085416,1087240,1103557,1104918,1112028,1116708,1117963,1117964,1117965,1117966,1117967,1120507
CVE References: CVE-2018-0886,CVE-2018-1000852,CVE-2018-8784,CVE-2018-8785,CVE-2018-8786,CVE-2018-8787,CVE-2018-8788,CVE-2018-8789
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    freerdp-2.0.0~rc4-3.3.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    freerdp-2.0.0~rc4-3.3.1
Comment 18 Swamp Workflow Management 2019-03-13 23:14:33 UTC
openSUSE-SU-2019:0325-1: An update that solves 8 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1085416,1087240,1103557,1104918,1112028,1116708,1117963,1117964,1117965,1117966,1117967,1120507
CVE References: CVE-2018-0886,CVE-2018-1000852,CVE-2018-8784,CVE-2018-8785,CVE-2018-8786,CVE-2018-8787,CVE-2018-8788,CVE-2018-8789
Sources used:
openSUSE Leap 15.0 (src):    freerdp-2.0.0~rc4-lp150.2.3.1
Comment 21 Swamp Workflow Management 2020-08-18 19:15:31 UTC
SUSE-SU-2020:2272-1: An update that fixes 46 vulnerabilities is now available.

Category: security (important)
Bug References: 1004108,1050699,1050704,1050708,1050711,1050712,1050714,1085416,1087240,1090677,1103557,1104918,1112028,1116708,1117963,1117964,1117965,1117966,1117967,1120507,1129193,1169679,1169748,1171441,1171443,1171444,1171445,1171446,1171447,1171674,1173247,1173605,1174200,1174321
CVE References: CVE-2017-2834,CVE-2017-2835,CVE-2017-2836,CVE-2017-2837,CVE-2017-2838,CVE-2017-2839,CVE-2018-0886,CVE-2018-1000852,CVE-2018-8784,CVE-2018-8785,CVE-2018-8786,CVE-2018-8787,CVE-2018-8788,CVE-2018-8789,CVE-2020-11017,CVE-2020-11018,CVE-2020-11019,CVE-2020-11038,CVE-2020-11039,CVE-2020-11040,CVE-2020-11041,CVE-2020-11043,CVE-2020-11085,CVE-2020-11086,CVE-2020-11087,CVE-2020-11088,CVE-2020-11089,CVE-2020-11095,CVE-2020-11096,CVE-2020-11097,CVE-2020-11098,CVE-2020-11099,CVE-2020-11521,CVE-2020-11522,CVE-2020-11523,CVE-2020-11524,CVE-2020-11525,CVE-2020-11526,CVE-2020-13396,CVE-2020-13397,CVE-2020-13398,CVE-2020-15103,CVE-2020-4030,CVE-2020-4031,CVE-2020-4032,CVE-2020-4033
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    freerdp-2.1.2-12.20.1, vinagre-3.20.2-16.3.3
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    freerdp-2.1.2-12.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.