[ALSA-2023:2326] Moderate: freerdp security update
Type:
security
Severity:
moderate
Release date:
2023-05-12
Description:
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fix(es): * freerdp: clients using `/parallel` command line switch might read uninitialized data (CVE-2022-39282) * freerdp: clients using the `/video` command line switch might read uninitialized data (CVE-2022-39283) * freerdp: out of bounds read in zgfx decoder (CVE-2022-39316) * freerdp: undefined behaviour in zgfx decoder (CVE-2022-39317) * freerdp: division by zero in urbdrc channel (CVE-2022-39318) * freerdp: missing length validation in urbdrc channel (CVE-2022-39319) * freerdp: heap buffer overflow in urbdrc channel (CVE-2022-39320) * freerdp: missing path sanitation with `drive` channel (CVE-2022-39347) * freerdp: missing input length validation in `drive` channel (CVE-2022-41877) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 libwinpr-2.4.1-5.el9.aarch64.rpm 1b0c2f964c8270e23706c8430dc34ca2314accd80a5aec22946d9c42735c15d4
aarch64 freerdp-devel-2.4.1-5.el9.aarch64.rpm 1c60d72fc592b911678a375de6b8e461548e11ca18903c5298b1c51b6e47432a
aarch64 freerdp-libs-2.4.1-5.el9.aarch64.rpm b81b55c1629a012c04c8f3244617f0c5a13fee6179c61b8fb30544b4e3f29184
aarch64 freerdp-2.4.1-5.el9.aarch64.rpm d96061fcafaf0fff23c3dc6bd162d7ae674e546e82a99811f2479d88316c9213
aarch64 libwinpr-devel-2.4.1-5.el9.aarch64.rpm e847db36cf50f1ee79816f64caa4e6074311c6b6e02706c7678c65f5280f6570
i686 libwinpr-2.4.1-5.el9.i686.rpm 0b6272ec460689c760482dacb9091af3f2456a06b8c247f167437eba4b6e6723
i686 freerdp-libs-2.4.1-5.el9.i686.rpm c845ed7ed89d41b16bda32c34c3df69fe6ccac361a7d04d2bdffdfcfd51fd0df
i686 libwinpr-devel-2.4.1-5.el9.i686.rpm e6f7b129cdb533efceddb8023264d482cd3fb2071cb7e037d826a2ef60728d23
i686 freerdp-devel-2.4.1-5.el9.i686.rpm e9efadfe2702412990f2694177906713f819c420b30b309cf3a9c7ff0a9c711b
ppc64le libwinpr-devel-2.4.1-5.el9.ppc64le.rpm 3c7232a65203d34d32636a0f1ef5a79ef85c2cd51a0feb10db6f318d43f436d8
ppc64le freerdp-libs-2.4.1-5.el9.ppc64le.rpm 5bab9c943fc7de7c31bc4fa6c1545dc04f0169c3115cc69234c6f9e3c125e42a
ppc64le freerdp-2.4.1-5.el9.ppc64le.rpm d4bf6bd3252d9f86ef09ae65cf544c6f7ac345097c2acfeeaab902a1db6529c1
ppc64le libwinpr-2.4.1-5.el9.ppc64le.rpm f6ae75478cb30d03de2db17d829ccbd6f8ee8a4fbbbd2ac47b6ed6daf5c16631
ppc64le freerdp-devel-2.4.1-5.el9.ppc64le.rpm fed730ceda94fe100ed0d26e8feece6b8c002ad4572679c995a1148443e31c54
s390x freerdp-2.4.1-5.el9.s390x.rpm 0b657653005d2abedd2d9ec8a4d35824a72623c4d790deea7b5aa67f8ee89a2f
s390x libwinpr-2.4.1-5.el9.s390x.rpm 817dc21383f015ec08f461bf12785698f2cd48532282ddb9b3342929f786bf2d
s390x libwinpr-devel-2.4.1-5.el9.s390x.rpm a578ca2010f17d7d9bb89ff4560135ce72d6abe41bd34a4fb9c4a2ce19e01eff
s390x freerdp-devel-2.4.1-5.el9.s390x.rpm b66b31233d8907e370a4c52f15d48eb8f9afff2b7ad1e47cba5a05b45d67a8bd
s390x freerdp-libs-2.4.1-5.el9.s390x.rpm c8ce550f3b7fc5be65667123e727290e91f26d446b268113a0c6c7eb27a466cc
x86_64 freerdp-devel-2.4.1-5.el9.x86_64.rpm 6b9368e029a55205a9fd36d2418958827510cbda7645885c917ee7bcd8213741
x86_64 libwinpr-devel-2.4.1-5.el9.x86_64.rpm 7525f31ed8d81d7ef9b92765cd1f9429d5a368e55b0136166251dd63a0744f8b
x86_64 freerdp-2.4.1-5.el9.x86_64.rpm c2850b222045142657687c2256adfdff7e4ceb57822faefa196d3fe1c67a977d
x86_64 freerdp-libs-2.4.1-5.el9.x86_64.rpm ceae2daa582a0f1a4f122259cd9084ea876f6a0f55a29501b711bdd1e7da3aff
x86_64 libwinpr-2.4.1-5.el9.x86_64.rpm ed2eac40785a1262e8cd6e4beeaf733bf392cbb844a591779b350fb762dbd2f6
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.