Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Fedora 36: 2022-fd6e43dec8 Critical: FreeRDP RDP Client Update

fedora
Calendar Grey December 16, 2022
Dist Fedora Esm H88
Upgrade to FreeRDP version 2.9.0 in Fedora resolves significant security weaknesses that impact RDP clients.
Update to 2.9.0 (CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-2022-39320, CVE-2022-41877 and CVE-2022-39347)

Summary

The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP

project.

xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows

machines, xrdp and VirtualBox.

Update to 2.9.0 (CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319,

CVE-2022-39320, CVE-2022-41877 and CVE-2022-39347). ---- Update to 2.8.1

(CVE-2022-39282, CVE-2022-39283).

* Wed Nov 30 2022 Ondrej Holy - 2:2.9.0-1

- Update to 2.9.0 (CVE-2022-39316, CVE-2022-39317, CVE-2022-39318,

CVE-2022-39319, CVE-2022-39320, CVE-2022-41877, CVE-2022-39347).

* Mon Nov 14 2022 Ondrej Holy - 2:2.8.1-1

- Update to 2.8.1 (CVE-2022-39282, CVE-2022-39283).

[ 1 ] Bug #2134713 - CVE-2022-39282 freerdp: clients using `/parallel` command line switch might read uninitialized data

https://bugzilla.redhat.com/show_bug.cgi?id=2134713

[ 2 ] Bug #2134717 - CVE-2022-39283 freerdp: clients using the `/video` command line switch might read uninitialized data

https://bugzilla.redhat.com/show_bug.cgi?id=2134717

[ 3 ] Bug #2143642 - CVE-2022-39316 freerdp: out of bounds read in zgfx decoder

https://bugzilla.redhat.com/show_bug.cgi?id=2143642

[ 4 ] Bug #2143643 - CVE-2022-39317 freerdp: undefined behaviour in zgfx decoder

https://bugzilla.redhat.com/show_bug.cgi?id=2143643

[ 5 ] Bug #2143644 - CVE-2022-39318 freerdp: division by zero in urbdrc channel

https://bugzilla.redhat.com/show_bug.cgi?id=2143644

[ 6 ] Bug #2143645 - CVE-2022-39319 freerdp: missing length validation in urbdrc channel

https://bugzilla.redhat.com/show_bug.cgi?id=2143645

[ 7 ] Bug #2143646 - CVE-2022-39320 freerdp: heap buffer overflow in urbdrc channel

https://bugzilla.redhat.com/show_bug.cgi?id=2143646

[ 8 ] Bug #2143647 - CVE-2022-39347 freerdp: missing path sanitation with `drive` channel

https://bugzilla.redhat.com/show_bug.cgi?id=2143647

[ 9 ] Bug #2143648 - CVE-2022-41877 freerdp: missing input length validation in `drive` channel

https://bugzilla.redhat.com/show_bug.cgi?id=2143648

su -c 'dnf upgrade --advisory FEDORA-2022-fd6e43dec8' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Topics%20covered

Topics Covered

security advisory critical Fedora remote desktop freerdp

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 36
Version: 2.9.0
Release: 1.fc36
URL: https://www.freerdp.com/
Summary: Free implementation of the Remote Desktop Protocol (RDP)

Topics%20covered

Topics Covered

security advisory critical Fedora remote desktop freerdp

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here