Mageia 8 MGASA-2022-0437 Critical: FreeRDP Audio/Video Exploit

mageia
November 24, 2022
Recent updates to FreeRDP packages tackle significant security flaws in Mageia concerning the management of audio and video data streams.

Summary

FreeRDP-based clients on Unix systems using the `/parallel` command-line switch might read uninitialized data and send it to the server the client is currently connected to. (CVE-2022-39282)
All FreeRDP-based clients using the `/video` command-line switch might read uninitialized data, decode it as audio/video and display the result. (CVE-2022-39283)
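
Until the updated package is installed, it helps to know which saved launchers and scripts actually pass the two switches named above. The following is an added example, not code from the advisory or from the FreeRDP project: it flags client command lines that use `/parallel` or `/video`. The client binary names, the function names and the sample lines are assumptions constructed for illustration.

```python
import shlex
from pathlib import PurePosixPath

# Switch -> CVE mapping, taken from the advisory summary above.
SWITCH_CVES = {"parallel": "CVE-2022-39282", "video": "CVE-2022-39283"}
# Assumed client binary names; extend for clients packaged locally.
CLIENT_NAMES = {"xfreerdp", "wlfreerdp"}

def _is_client(token):
    # Accept bare names, absolute paths and .desktop style "Exec=/path/client".
    return PurePosixPath(token.split("=", 1)[-1]).name in CLIENT_NAMES

def audit_command(line):
    """Return the sorted CVE ids whose triggering switch appears on one line."""
    try:
        argv = shlex.split(line, comments=True)  # '#' comments are ignored
    except ValueError:
        return []  # unbalanced quotes: not a parseable command line
    for i, token in enumerate(argv):
        if _is_client(token):
            args = argv[i + 1:]
            break
    else:
        return []  # no FreeRDP client on this line
    hits = set()
    for arg in args:
        if arg.startswith("/"):
            name = arg[1:].split(":", 1)[0]  # "/parallel:lp0" -> "parallel"
            if name in SWITCH_CVES:
                hits.add(SWITCH_CVES[name])
    return sorted(hits)

def audit_lines(lines):
    """Return (line_number, cves) for every line that uses an affected switch."""
    found = [(n, audit_command(text)) for n, text in enumerate(lines, 1)]
    return [(n, cves) for n, cves in found if cves]

# Constructed sample input (hypothetical host and user names).
SAMPLE_LINES = [
    "xfreerdp /v:rdp.example.internal /u:alice /parallel",
    "Exec=/usr/bin/xfreerdp /v:rdp.example.internal /video /parallel:lp0",
    "wlfreerdp /v:rdp.example.internal /sound",
    "# xfreerdp /v:old.example.internal /video",
    "ssh admin@rdp.example.internal",
]

if __name__ == "__main__":
    for number, cves in audit_lines(SAMPLE_LINES):
        print(f"line {number}: {', '.join(cves)}")
```
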

References

- https://bugs.mageia.org/show_bug.cgi?id=31136

- https://lists.suse.com/pipermail/sle-security-updates/2022-November/012920.html

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6cf9-3328-qrvh

- https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1

- https://www.cve.org/CVERecord?id=CVE-2022-39282

- https://www.cve.org/CVERecord?id=CVE-2022-39283

Resolution

SRPMS

- 8/core/freerdp-2.2.0-1.3.mga8

Severity
critical

Publication date: 24 Nov 2022
URL: https://advisories.mageia.org/MGASA-2022-0437.html
Type: security
CVE: CVE-2022-39282, CVE-2022-39283
