Bug 1085416 – FreeRDP/Remmina can not connect to Windows 7-10 with March 2018 updates

Bug 1085416 - (CVE-2018-0886) FreeRDP/Remmina can not connect to Windows 7-10 with March 2018 updates

(CVE-2018-0886)
Summary:	FreeRDP/Remmina can not connect to Windows 7-10 with March 2018 updates

Status:	RESOLVED FIXED
Duplicates:	1086109 1086546 (view as bug list)

Classification:	openSUSE
Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Other
Version:	Leap 42.3
Hardware:	Other Other

Priority:	P5 - None Severity: Major (vote)
Target Milestone:	---
Assigned To:	Felix Zhang
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2018-03-15 07:33 UTC by Johannes Weberhofer
Modified:	2020-08-18 19:15 UTC (History)
CC List:	11 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Weberhofer 2018-03-15 07:33:14 UTC

This issue results on a fix for windows "CredSSP updates for CVE-2018-0886" as described in https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018

Windows 10 (KB4088776)
Windows Server 2016 (KB4088787)
Windows 8.1 (KB4088876)
Windows Server 2012 R2 (KB4088876)
Windows 7 SP1 (KB4088875)
Windows Server 2008 R2 SP1 (KB4088875)

The related FreeRDP/Remmina tickets are:
* https://github.com/FreeRDP/Remmina/issues/1513
* https://github.com/FreeRDP/FreeRDP/issues/4449

Comment 1 Swamp Workflow Management 2018-03-15 09:40:07 UTC

This is an autogenerated message for OBS integration:
This bug (1085416) was mentioned in
https://build.opensuse.org/request/show/587441 42.3 / freerdp

Comment 2 Andreas Stieger 2018-03-15 11:29:07 UTC

In Leap 42.3 this package is inherited from SUSE:SLE-12-SP2:Update/freerdp.
Assume that this affects SLE 12 as well, assigning to SLE bugowner.

That being said, we could fork the package in Leap, even if this is not generally desired. Please let maintenance know.

Comment 3 Martin Pluskal 2018-03-21 13:27:35 UTC

We have submission from community user in https://build.opensuse.org/request/show/589700

I guess that we however want to resolve this for SLE as well

Comment 5 Maciej Szeliga 2018-03-21 13:54:54 UTC

This is quite critical for people working in mixed environments, they are not able to uninstall the Microsoft fix just because Linux can't connect.

KRDC has the same problem but rdesktop is working (but rdesktop has some funny screen issues with Radeon cards).

Comment 6 Johannes Weberhofer 2018-03-21 14:00:36 UTC

rdesktop doesn't use xfreerdp IMHO.

Comment 7 Andreas Stieger 2018-03-21 14:02:34 UTC

we can trigger parallel updates

Comment 8 Andreas Stieger 2018-03-21 14:03:55 UTC

Processed for openSUSE Maintenance. Test update packages will appear in:
http://download.opensuse.org/repositories/openSUSE:/Maintenance:/7928/
http://download.opensuse.org/update/leap/42.3-test/

Comment 10 Wolfgang Bauer 2018-03-21 19:45:50 UTC

*** Bug 1086109 has been marked as a duplicate of this bug. ***

Comment 11 Swamp Workflow Management 2018-03-23 23:07:41 UTC

openSUSE-RU-2018:0791-1: An update that has one recommended fix can now be installed.

Category: recommended (important)
Bug References: 1085416
CVE References: 
Sources used:
openSUSE Leap 42.3 (src):    freerdp-2.0.0~git.1463131968.4e66df7-9.1

Comment 12 Johannes Weberhofer 2018-05-23 10:01:20 UTC

*** Bug 1086546 has been marked as a duplicate of this bug. ***

Comment 15 Swamp Workflow Management 2019-01-21 17:12:15 UTC

SUSE-SU-2019:0134-1: An update that solves 8 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1085416,1087240,1104918,1116708,1117963,1117964,1117965,1117966,1117967,1120507
CVE References: CVE-2018-0886,CVE-2018-1000852,CVE-2018-8784,CVE-2018-8785,CVE-2018-8786,CVE-2018-8787,CVE-2018-8788,CVE-2018-8789
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    freerdp-2.0.0~git.1463131968.4e66df7-12.8.1
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    freerdp-2.0.0~git.1463131968.4e66df7-12.8.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    freerdp-2.0.0~git.1463131968.4e66df7-12.8.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    freerdp-2.0.0~git.1463131968.4e66df7-12.8.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    freerdp-2.0.0~git.1463131968.4e66df7-12.8.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    freerdp-2.0.0~git.1463131968.4e66df7-12.8.1

Comment 16 Swamp Workflow Management 2019-01-29 14:22:08 UTC

openSUSE-SU-2019:0096-1: An update that solves 8 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1085416,1087240,1104918,1116708,1117963,1117964,1117965,1117966,1117967,1120507
CVE References: CVE-2018-0886,CVE-2018-1000852,CVE-2018-8784,CVE-2018-8785,CVE-2018-8786,CVE-2018-8787,CVE-2018-8788,CVE-2018-8789
Sources used:
openSUSE Leap 42.3 (src):    freerdp-2.0.0~git.1463131968.4e66df7-13.1

Comment 17 Swamp Workflow Management 2019-03-04 20:56:51 UTC

SUSE-SU-2019:0539-1: An update that solves 8 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1085416,1087240,1103557,1104918,1112028,1116708,1117963,1117964,1117965,1117966,1117967,1120507
CVE References: CVE-2018-0886,CVE-2018-1000852,CVE-2018-8784,CVE-2018-8785,CVE-2018-8786,CVE-2018-8787,CVE-2018-8788,CVE-2018-8789
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    freerdp-2.0.0~rc4-3.3.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    freerdp-2.0.0~rc4-3.3.1

Comment 18 Swamp Workflow Management 2019-03-13 23:14:33 UTC

openSUSE-SU-2019:0325-1: An update that solves 8 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 1085416,1087240,1103557,1104918,1112028,1116708,1117963,1117964,1117965,1117966,1117967,1120507
CVE References: CVE-2018-0886,CVE-2018-1000852,CVE-2018-8784,CVE-2018-8785,CVE-2018-8786,CVE-2018-8787,CVE-2018-8788,CVE-2018-8789
Sources used:
openSUSE Leap 15.0 (src):    freerdp-2.0.0~rc4-lp150.2.3.1

Comment 21 Swamp Workflow Management 2020-08-18 19:15:31 UTC

SUSE-SU-2020:2272-1: An update that fixes 46 vulnerabilities is now available.

Category: security (important)
Bug References: 1004108,1050699,1050704,1050708,1050711,1050712,1050714,1085416,1087240,1090677,1103557,1104918,1112028,1116708,1117963,1117964,1117965,1117966,1117967,1120507,1129193,1169679,1169748,1171441,1171443,1171444,1171445,1171446,1171447,1171674,1173247,1173605,1174200,1174321
CVE References: CVE-2017-2834,CVE-2017-2835,CVE-2017-2836,CVE-2017-2837,CVE-2017-2838,CVE-2017-2839,CVE-2018-0886,CVE-2018-1000852,CVE-2018-8784,CVE-2018-8785,CVE-2018-8786,CVE-2018-8787,CVE-2018-8788,CVE-2018-8789,CVE-2020-11017,CVE-2020-11018,CVE-2020-11019,CVE-2020-11038,CVE-2020-11039,CVE-2020-11040,CVE-2020-11041,CVE-2020-11043,CVE-2020-11085,CVE-2020-11086,CVE-2020-11087,CVE-2020-11088,CVE-2020-11089,CVE-2020-11095,CVE-2020-11096,CVE-2020-11097,CVE-2020-11098,CVE-2020-11099,CVE-2020-11521,CVE-2020-11522,CVE-2020-11523,CVE-2020-11524,CVE-2020-11525,CVE-2020-11526,CVE-2020-13396,CVE-2020-13397,CVE-2020-13398,CVE-2020-15103,CVE-2020-4030,CVE-2020-4031,CVE-2020-4032,CVE-2020-4033
JIRA References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP5 (src):    freerdp-2.1.2-12.20.1, vinagre-3.20.2-16.3.3
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    freerdp-2.1.2-12.20.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.