Mageia 2022-0437: freerdp security update | LinuxSecurity.com
MGASA-2022-0437 - Updated freerdp packages fix security vulnerability

Publication date: 24 Nov 2022
URL: https://advisories.mageia.org/MGASA-2022-0437.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-39282,
     CVE-2022-39283

FreeRDP based clients on unix systems using `/parallel` command line
switch might read uninitialized data and send it to the server the client
is currently connected to. (CVE-2022-39282)

All FreeRDP based clients when using the `/video` command line switch
might read uninitialized data, decode it as audio/video and display the
result. (CVE-2022-39283)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31136
- https://lists.suse.com/pipermail/sle-security-updates/2022-November/012920.html
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6cf9-3328-qrvh
- https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1
- https://lists.opensuse.org/archives/list/[email protected]/thread/HJA3DXXYKZSQPM7VF5GX343WBGCGAPAH/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39282
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39283

SRPMS:
- 8/core/freerdp-2.2.0-1.3.mga8

Mageia 2022-0437: freerdp security update

FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to

Summary

FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. (CVE-2022-39282)
All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. (CVE-2022-39283)

References

- https://bugs.mageia.org/show_bug.cgi?id=31136

- https://lists.suse.com/pipermail/sle-security-updates/2022-November/012920.html

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq

- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6cf9-3328-qrvh

- https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1

- https://lists.opensuse.org/archives/list/[email protected]/thread/HJA3DXXYKZSQPM7VF5GX343WBGCGAPAH/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39282

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39283

Resolution

MGASA-2022-0437 - Updated freerdp packages fix security vulnerability

SRPMS

- 8/core/freerdp-2.2.0-1.3.mga8

Severity
Publication date: 24 Nov 2022
URL: https://advisories.mageia.org/MGASA-2022-0437.html
Type: security
CVE: CVE-2022-39282, CVE-2022-39283

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.