Description
ELSA-2023-2326: freerdp security update (MODERATE)
[2:2.4.1-5]
- Fix 'implicit declaration of function' errors (#2136155, #2145140)
[2:2.4.1-4]
- CVE-2022-39282: Fix length checks in parallel driver (#2136152)
- CVE-2022-39283: Add missing length check in video channel (#2136154)
- CVE-2022-39316, CVE-2022-39317: Add missing length checks in zgfx (#2145140)
- CVE-2022-39318: Fix division by zero in urbdrc channel (#2145140)
- CVE-2022-39319: Add missing length checks in urbdrc channel (#2145140)
- CVE-2022-39320: Ensure urb_create_iocompletion uses size_t (#2145140)
- CVE-2022-39347: Fix path validation in drive channel (#2145140)
- CVE-2022-41877: Add missing length check in drive channel (#2145140)
Updated packages
Oracle Linux 9
Oracle Linux aarch64
freerdp: 2.4.1-5.el9
freerdp-devel: 2.4.1-5.el9
freerdp-libs: 2.4.1-5.el9
libwinpr: 2.4.1-5.el9
libwinpr-devel: 2.4.1-5.el9
Oracle Linux x86_64
freerdp: 2.4.1-5.el9
freerdp-devel: 2.4.1-5.el9
freerdp-libs: 2.4.1-5.el9
libwinpr: 2.4.1-5.el9
libwinpr-devel: 2.4.1-5.el9
Source references
Related vulnerabilities
CVSS3: 4.8
ubuntu
more than 2 years ago
FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade.