Mageia 2021-0522: freerdp security update
Summary
All FreeRDP clients prior to version 2.4.1 using gateway connections
('/gt:rpc') fail to validate input data. A malicious gateway might allow
client memory to be written out of bounds. This issue has been resolved in
version 2.4.1. If you are unable to update then use `/gt:http` rather than
/gt:rdp connections if possible or use a direct connection without a
gateway. (CVE-2021-41159)
In affected versions a malicious server might trigger out of bound writes
in a connected client. Connections using GDI or SurfaceCommands to send
graphics updates to the client might send `0` width/height or out of bound
rectangles to trigger out of bound writes. With `0` width or heigth the
memory allocation will be `0` but the missing bounds checks allow writing
to the pointer at this (not allocated) region. This issue has been patched
in FreeRDP 2.4.1. (CVE-2021-41160)
References
- https://bugs.mageia.org/show_bug.cgi?id=29654
- https://access.redhat.com/errata/RHSA-2021:4622
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41159
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41160
Resolution
MGASA-2021-0522 - Updated freerdp packages fix security vulnerability
SRPMS
- 8/core/freerdp-2.2.0-1.1.mga8