Fedora 33: 2021-ac23d9e47f Security Advisory for FreeRDP and Remmina

Medusa is a speedy, massively parallel, modular,

login brute-forcer for network services.

Some of the key features of Medusa are:

* Thread-based parallel testing. Brute-force

testing can be performed against multiple hosts,

users or passwords concurrently.

* Flexible user input. Target information

(host/user/password) can be specified in a variety of ways.

For example, each item can be either a single

entry or a file containing multiple entries.

Additionally, a combination file format allows

the user to refine their target listing.

* Modular design. Each service module exists

as an independent .mod file.

This means that no modifications are necessary

to the core application in order to extend

the supported list of services for brute-forcing.

Security and bug fixes for FreeRDP & Remmina.

* Wed Nov 10 2021 Simone Caronni - 2.2-14.20181216git292193b

- Rebuild for updated FreeRDP.

[ 1 ] Bug #1960201 - [abrt] remmina: rcw_after_configure_scrolled(): remmina killed by SIGSEGV

https://bugzilla.redhat.com/show_bug.cgi?id=1960201

[ 2 ] Bug #1986752 - [abrt] remmina: g_type_check_instance_cast(): remmina killed by SIGSEGV

https://bugzilla.redhat.com/show_bug.cgi?id=1986752

[ 3 ] Bug #1997002 - [abrt] remmina: pa_stream_writable_size(): remmina killed by SIGABRT

https://bugzilla.redhat.com/show_bug.cgi?id=1997002

[ 4 ] Bug #2015170 - [abrt] remmina: bio_write_intern(): remmina killed by SIGSEGV

https://bugzilla.redhat.com/show_bug.cgi?id=2015170

[ 5 ] Bug #2015189 - remmina-1.4.21 is available

https://bugzilla.redhat.com/show_bug.cgi?id=2015189

[ 6 ] Bug #2016413 - CVE-2021-41160 freerdp: improper region checks in all clients allow out of bound write to memory [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2016413

su -c 'dnf upgrade --advisory FEDORA-2021-ac23d9e47f' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure