[ALSA-2023:2851] Moderate: freerdp security update
Type:
security
Severity:
moderate
Release date:
2023-05-19
Description:
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fix(es): * freerdp: clients using `/parallel` command line switch might read uninitialized data (CVE-2022-39282) * freerdp: clients using the `/video` command line switch might read uninitialized data (CVE-2022-39283) * freerdp: out of bounds read in zgfx decoder (CVE-2022-39316) * freerdp: undefined behaviour in zgfx decoder (CVE-2022-39317) * freerdp: division by zero in urbdrc channel (CVE-2022-39318) * freerdp: missing length validation in urbdrc channel (CVE-2022-39319) * freerdp: heap buffer overflow in urbdrc channel (CVE-2022-39320) * freerdp: missing path sanitation with `drive` channel (CVE-2022-39347) * freerdp: missing input length validation in `drive` channel (CVE-2022-41877) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 libwinpr-2.2.0-10.el8.aarch64.rpm 294e3e6629d6b0ee5071fd72a0179ed380bd2ebc48a287a9ca5a6faec72d0b1a
aarch64 freerdp-libs-2.2.0-10.el8.aarch64.rpm a6c16c69562430aa06daefd517b3be9745ef94fe57ace3dedeb0828585e50270
aarch64 libwinpr-devel-2.2.0-10.el8.aarch64.rpm b7f83393c535f9dd257769f9a744cfb89fd0ce2f6c47cfe31ddc7b58ba5e3d65
aarch64 freerdp-devel-2.2.0-10.el8.aarch64.rpm b8a7ec72742e07b91a78faebb857b54b8fc3a27c0a421305de0f3e19b9ca444a
aarch64 freerdp-2.2.0-10.el8.aarch64.rpm dd14df952929f3265f5701b0d768698b08679d7460e579786383c9031a2f5298
i686 freerdp-libs-2.2.0-10.el8.i686.rpm 5221170e1d29ffcfa742170f9bc57975c84194cbc1f4c4d88f0c351c9953bb63
i686 libwinpr-2.2.0-10.el8.i686.rpm 97cfadeacf7b47ab1d6a343397ae229a76cf00106adf760dfaf327c545361643
i686 freerdp-devel-2.2.0-10.el8.i686.rpm b7fe4224b315e42e0a0f597d875ee694e9784192a28bfa2b9a9da21b8f901510
i686 libwinpr-devel-2.2.0-10.el8.i686.rpm f1cf40eb121f3c7195a8a132e6b9ae48e70ece176c543eb5c835946cc0421535
ppc64le libwinpr-devel-2.2.0-10.el8.ppc64le.rpm 1092134642c7b58003956a18b50582e6bf620a513786eb690bf6d74d2449fd0f
ppc64le libwinpr-2.2.0-10.el8.ppc64le.rpm 7327c9cc33e0e60402b307614d168bc5f9531c08bc44f0d35d7a4e5f504746f8
ppc64le freerdp-devel-2.2.0-10.el8.ppc64le.rpm d13ab130bd77fa030fe47c0ed871553624165bccffe55df42e2107a946d534eb
ppc64le freerdp-2.2.0-10.el8.ppc64le.rpm e9522ba4b70525c8f572b4bdebc1a95a7799878d349a33695905025026ede224
ppc64le freerdp-libs-2.2.0-10.el8.ppc64le.rpm f8d5978b11d741418deaf65d9df9d4dde448f6cd8b34b94b19943570cc7f5d08
s390x freerdp-libs-2.2.0-10.el8.s390x.rpm 41d8887c2da2a76130b396eb0b9d490e2b86645dddfc3ce485fa38ccad3633d4
s390x libwinpr-devel-2.2.0-10.el8.s390x.rpm 5dde30bea0437330012e613d9a321eafcb524248a731edd20a6b8460e41eb087
s390x freerdp-2.2.0-10.el8.s390x.rpm 7b5b7cd5fa5d6c64ffc5e6991456b02e61521ff10574c4c1cfb01e9e65e9b4f8
s390x freerdp-devel-2.2.0-10.el8.s390x.rpm 857853f74e3fc68a2adba2a8e7fdf1425dc3e8af73989eb832afae7369e28cd6
s390x libwinpr-2.2.0-10.el8.s390x.rpm 962c281b600f481a160c51361e9fd54ecb8c5f38c4d8ce56cac98f7b15908f80
x86_64 freerdp-devel-2.2.0-10.el8.x86_64.rpm 3173a1c601545747d3e2d19d332c11b4fb9def491f88e04ce6b0c5d31f082d9b
x86_64 freerdp-libs-2.2.0-10.el8.x86_64.rpm 3f32ff5031cc565083df4c6ac878f197115a3d66bd5afccf312fca32ab624a42
x86_64 freerdp-2.2.0-10.el8.x86_64.rpm e62545c4593661aa76b696f6c288a76e3f06ac5fb1da7928de95821daaa6a7ed
x86_64 libwinpr-devel-2.2.0-10.el8.x86_64.rpm ec3c8076e536165747ec46497b5f1c352345fa0cabde1f3fcce1021a212aebf5
x86_64 libwinpr-2.2.0-10.el8.x86_64.rpm f0453b308c7cc4883fdf44c636b4562ca9534554d335637497447a391ebc9117
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.