Ubuntu Security Notice USN-5461-1
June 06, 2022

freerdp2 vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS


FreeRDP could allow unintended access to network services.

Software Description:
- freerdp2: RDP client for Windows Terminal Services


It was discovered that FreeRDP incorrectly handled empty password values. A
remote attacker could use this issue to bypass server authentication. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10.

It was discovered that FreeRDP incorrectly handled server configurations
with an invalid SAM file path. A remote attacker could use this issue to
bypass server authentication. (CVE-2022-24883)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
  libfreerdp-client2-2            2.6.1+dfsg1-3ubuntu2.1
  libfreerdp-server2-2            2.6.1+dfsg1-3ubuntu2.1

Ubuntu 21.10:
  libfreerdp-client2-2            2.3.0+dfsg1-2ubuntu0.2
  libfreerdp-server2-2            2.3.0+dfsg1-2ubuntu0.2

Ubuntu 20.04 LTS:
  libfreerdp-client2-2            2.2.0+dfsg1-0ubuntu0.20.04.3
  libfreerdp-server2-2            2.2.0+dfsg1-0ubuntu0.20.04.3

Ubuntu 18.04 LTS:
  libfreerdp-client2-2            2.2.0+dfsg1-0ubuntu0.18.04.3
  libfreerdp-server2-2            2.2.0+dfsg1-0ubuntu0.18.04.3

After a standard system update you need to reboot your computer to make all
the necessary changes.

  CVE-2022-24882, CVE-2022-24883

Package Information: