Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Fedora 37: 2022-076b1c9978 Critical: FreeRDP Input Validation Flaws

fedora
Calendar Grey December 16, 2022
Dist Fedora Esm H88
Upgrade to Fedora 37 includes freerdp version 2.9.0, rectifying several security vulnerabilities and addressing possible exploit vectors.
Update to 2.9.0 (CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-2022-39320, CVE-2022-41877 and CVE-2022-39347).

Summary

The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP

project.

xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows

machines, xrdp and VirtualBox.

Update to 2.9.0 (CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319,

CVE-2022-39320, CVE-2022-41877 and CVE-2022-39347).

* Wed Nov 30 2022 Ondrej Holy - 2:2.9.0-1

- Update to 2.9.0 (CVE-2022-39316, CVE-2022-39317, CVE-2022-39318,

CVE-2022-39319, CVE-2022-39320, CVE-2022-41877, CVE-2022-39347).

[ 1 ] Bug #2143642 - CVE-2022-39316 freerdp: out of bounds read in zgfx decoder

https://bugzilla.redhat.com/show_bug.cgi?id=2143642

[ 2 ] Bug #2143643 - CVE-2022-39317 freerdp: undefined behaviour in zgfx decoder

https://bugzilla.redhat.com/show_bug.cgi?id=2143643

[ 3 ] Bug #2143644 - CVE-2022-39318 freerdp: division by zero in urbdrc channel

https://bugzilla.redhat.com/show_bug.cgi?id=2143644

[ 4 ] Bug #2143645 - CVE-2022-39319 freerdp: missing length validation in urbdrc channel

https://bugzilla.redhat.com/show_bug.cgi?id=2143645

[ 5 ] Bug #2143646 - CVE-2022-39320 freerdp: heap buffer overflow in urbdrc channel

https://bugzilla.redhat.com/show_bug.cgi?id=2143646

[ 6 ] Bug #2143647 - CVE-2022-39347 freerdp: missing path sanitation with `drive` channel

https://bugzilla.redhat.com/show_bug.cgi?id=2143647

[ 7 ] Bug #2143648 - CVE-2022-41877 freerdp: missing input length validation in `drive` channel

https://bugzilla.redhat.com/show_bug.cgi?id=2143648

su -c 'dnf upgrade --advisory FEDORA-2022-076b1c9978' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Topics%20covered

Topics Covered

security advisory update buffer overflow Fedora input validation remote desktop freerdp

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 37
Version: 2.9.0
Release: 1.fc37
URL: https://www.freerdp.com/
Summary: Free implementation of the Remote Desktop Protocol (RDP)

Topics%20covered

Topics Covered

security advisory update buffer overflow Fedora input validation remote desktop freerdp

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here