Mageia 2022-0437: freerdp security update | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Sign Up
MGASA-2022-0437 - Updated freerdp packages fix security vulnerability

Publication date: 24 Nov 2022
URL: https://advisories.mageia.org/MGASA-2022-0437.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-39282,
     CVE-2022-39283

FreeRDP based clients on unix systems using `/parallel` command line
switch might read uninitialized data and send it to the server the client
is currently connected to. (CVE-2022-39282)

All FreeRDP based clients when using the `/video` command line switch
might read uninitialized data, decode it as audio/video and display the
result. (CVE-2022-39283)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31136
- https://lists.suse.com/pipermail/sle-security-updates/2022-November/012920.html
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6cf9-3328-qrvh
- https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1
- https://lists.opensuse.org/archives/list/[email protected]/thread/HJA3DXXYKZSQPM7VF5GX343WBGCGAPAH/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39282
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39283

SRPMS:
- 8/core/freerdp-2.2.0-1.3.mga8

Mageia 2022-0437: freerdp security update

FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to

Summary

FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. (CVE-2022-39282)
All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. (CVE-2022-39283)

References

- https://bugs.mageia.org/show_bug.cgi?id=31136

- https://lists.suse.com/pipermail/sle-security-updates/2022-November/012920.html

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6cf9-3328-qrvh

- https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1

- https://lists.opensuse.org/archives/list/[email protected]/thread/HJA3DXXYKZSQPM7VF5GX343WBGCGAPAH/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39282

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39283

Resolution

MGASA-2022-0437 - Updated freerdp packages fix security vulnerability

SRPMS

- 8/core/freerdp-2.2.0-1.3.mga8

Severity
Publication date: 24 Nov 2022
URL: https://advisories.mageia.org/MGASA-2022-0437.html
Type: security
CVE: CVE-2022-39282, CVE-2022-39283

Related News

New Ransomware Group Uses Repurposed LockBit, Babuk Variants

Remotely Exploitable Open vSwitch DoS Vuln Fixed

RTM Locker Ransomware Targets Linux Architecture

Chinese Hackers Spotted Using Linux Variant of PingPull in Targeted Cyberattacks

News

Advisories

HOWTOs

Features

Linux Container Security Primer
Email Phishing Using Kali Linux
Is Linux A More Secure Option Than Windows For Businesses?
How Secure Is Linux?
How To Secure Against WordPress Vulnerabilities with Predictive Analysis Detection & Automated Remediation

About Us

Powered By

Footer Logo