Several security issues were fixed in FreeRDP.
Software Description:
- freerdp2: RDP client for Windows Terminal Services
Details:
It was discovered that FreeRDP did not properly manage certain inputs. A
malicious server could use this issue to cause FreeRDP clients to crash,
resulting in a denial of service, or possibly obtain sensitive
information. (cve-2023-39350, cve-2023-39351, CVE-2023-39353,
CVE-2023-39354, CVE-2023-40181, CVE-2023-40188, CVE-2023-40589)
It was discovered that FreeRDP did not properly manage certain inputs. A
malicious server could use this issue to cause FreeRDP clients to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(cve-2023-40186 CVE-2023-40567, CVE-2023-40569)
The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: libfreerdp2-2 2.10.0+dfsg1-1ubuntu0.2 Ubuntu 22.04 LTS: libfreerdp2-2 2.6.1+dfsg1-3ubuntu2.4 libwinpr2-2 2.6.1+dfsg1-3ubuntu2.4 libwinpr2-dev 2.6.1+dfsg1-3ubuntu2.4 Ubuntu 20.04 LTS: libfreerdp2-2 2.2.0+dfsg1-0ubuntu0.20.04.5 libwinpr2-2 2.2.0+dfsg1-0ubuntu0.20.04.5 libwinpr2-dev 2.2.0+dfsg1-0ubuntu0.20.04.5 Ubuntu 18.04 LTS (Available with Ubuntu Pro): libfreerdp2-2 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1 libwinpr2-2 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1 libwinpr2-dev 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1 In general, a standard system update will make all the necessary changes.
CVE-2023-39350, CVE-2023-39351, CVE-2023-39353, CVE-2023-39354,
CVE-2023-40181, CVE-2023-40186, CVE-2023-40188, CVE-2023-40567,
CVE-2023-40569, CVE-2023-40589
Get the latest Linux and open source security news straight to your inbox.