Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Red Hat 8 RHSA-2023-2851-01 Moderate: FreeRDP Security Threat

red hat
Calendar Grey May 16, 2023
Dist Redhat Esm H88
Red Hat has released a crucial security update for FreeRDP on RHEL 8, addressing threats to system integrity. Users should apply patches promptly to enhance defenses against risks.
An update for freerdp is now available for Red Hat Enterprise Linux 8

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Summary

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.
Security Fix(es):
* freerdp: clients using `/parallel` command line switch might read uninitialized data (CVE-2022-39282)
* freerdp: clients using the `/video` command line switch might read uninitialized data (CVE-2022-39283)
* freerdp: out of bounds read in zgfx decoder (CVE-2022-39316)
* freerdp: undefined behaviour in zgfx decoder (CVE-2022-39317)
* freerdp: division by zero in urbdrc channel (CVE-2022-39318)
* freerdp: missing length validation in urbdrc channel (CVE-2022-39319)
* freerdp: heap buffer overflow in urbdrc channel (CVE-2022-39320)
* freerdp: missing path sanitation with `drive` channel (CVE-2022-39347)
* freerdp: missing input length validation in `drive` channel (CVE-2022-41877)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.

Topics%20covered

Topics Covered

security advisory moderate security update red hat remote desktop enterprise linux freerdp

References

https://access.redhat.com/security/cve/CVE-2022-39282 https://access.redhat.com/security/cve/CVE-2022-39283 https://access.redhat.com/security/cve/CVE-2022-39316 https://access.redhat.com/security/cve/CVE-2022-39317 https://access.redhat.com/security/cve/CVE-2022-39318 https://access.redhat.com/security/cve/CVE-2022-39319 https://access.redhat.com/security/cve/CVE-2022-39320 https://access.redhat.com/security/cve/CVE-2022-39347 https://access.redhat.com/security/cve/CVE-2022-41877 https://access.redhat.com/security/updates/classification#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/8.8_release_notes/index

Package List

Red Hat Enterprise Linux AppStream (v. 8):
Source: freerdp-2.2.0-10.el8.src.rpm
aarch64: freerdp-2.2.0-10.el8.aarch64.rpm freerdp-debuginfo-2.2.0-10.el8.aarch64.rpm freerdp-debugsource-2.2.0-10.el8.aarch64.rpm freerdp-libs-2.2.0-10.el8.aarch64.rpm freerdp-libs-debuginfo-2.2.0-10.el8.aarch64.rpm libwinpr-2.2.0-10.el8.aarch64.rpm libwinpr-debuginfo-2.2.0-10.el8.aarch64.rpm libwinpr-devel-2.2.0-10.el8.aarch64.rpm
ppc64le: freerdp-2.2.0-10.el8.ppc64le.rpm freerdp-debuginfo-2.2.0-10.el8.ppc64le.rpm freerdp-debugsource-2.2.0-10.el8.ppc64le.rpm freerdp-libs-2.2.0-10.el8.ppc64le.rpm freerdp-libs-debuginfo-2.2.0-10.el8.ppc64le.rpm libwinpr-2.2.0-10.el8.ppc64le.rpm libwinpr-debuginfo-2.2.0-10.el8.ppc64le.rpm libwinpr-devel-2.2.0-10.el8.ppc64le.rpm
s390x: freerdp-2.2.0-10.el8.s390x.rpm freerdp-debuginfo-2.2.0-10.el8.s390x.rpm freerdp-debugsource-2.2.0-10.el8.s390x.rpm freerdp-libs-2.2.0-10.el8.s390x.rpm freerdp-libs-debuginfo-2.2.0-10.el8.s390x.rpm libwinpr-2.2.0-10.el8.s390x.rpm libwinpr-debuginfo-2.2.0-10.el8.s390x.rpm libwinpr-devel-2.2.0-10.el8.s390x.rpm
x86_64: freerdp-2.2.0-10.el8.x86_64.rpm freerdp-debuginfo-2.2.0-10.el8.i686.rpm freerdp-debuginfo-2.2.0-10.el8.x86_64.rpm freerdp-debugsource-2.2.0-10.el8.i686.rpm freerdp-debugsource-2.2.0-10.el8.x86_64.rpm

Read the Full Advisory


Advisory ID: RHSA-2023:2851-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2851
Issue date: 2023-05-16

Topic

An update for freerdp is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.

Topics%20covered

Topics Covered

security advisory moderate security update red hat remote desktop enterprise linux freerdp

Relevant Releases Architectures

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64

Bugs Fixed

2134713 - CVE-2022-39282 freerdp: clients using `/parallel` command line switch might read uninitialized data

2134717 - CVE-2022-39283 freerdp: clients using the `/video` command line switch might read uninitialized data

2143642 - CVE-2022-39316 freerdp: out of bounds read in zgfx decoder

2143643 - CVE-2022-39317 freerdp: undefined behaviour in zgfx decoder

2143644 - CVE-2022-39318 freerdp: division by zero in urbdrc channel

2143645 - CVE-2022-39319 freerdp: missing length validation in urbdrc channel

2143646 - CVE-2022-39320 freerdp: heap buffer overflow in urbdrc channel

2143647 - CVE-2022-39347 freerdp: missing path sanitation with `drive` channel

2143648 - CVE-2022-41877 freerdp: missing input length validation in `drive` channel

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here