<define-tag description>LTS security update</define-tag>
<define-tag moreinfo>
<p>Debian Bug : 1001062 1021659</p>
<p>Multiple vulnerabilities have been found in freerdp2, a free implementation of
the Remote Desktop Protocol (RDP). The vulnerabilities potentially allow
authentication bypasses on configuration errors, buffer over-reads, DoS vectors,
buffer overflows or access to files outside of a shared directory.</p>
<ul>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2021-41160">CVE-2021-41160</a>
<p>In affected versions a malicious server might trigger out of bound writes in a
connected client. Connections using GDI or SurfaceCommands to send graphics
updates to the client might send `0` width/height or out of bound rectangles to
trigger out of bound writes. With `0` width or height the memory allocation
will be `0` but the missing bounds checks allow writing to the pointer at this
(not allocated) region.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2022-24883">CVE-2022-24883</a>
<p>Prior to version 2.7.0, server side authentication against a `SAM` file might
be successful for invalid credentials if the server has configured an invalid
`SAM` file path. FreeRDP based clients are not affected. RDP server
implementations using FreeRDP to authenticate against a `SAM` file are
affected. Version 2.7.0 contains a fix for this issue. As a workaround, use
custom authentication via `HashCallback` and/or ensure the `SAM` database path
configured is valid and the application has file handles left.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2022-39282">CVE-2022-39282</a>
<p>FreeRDP based clients on unix systems using `/parallel` command line switch
might read uninitialized data and send it to the server the client is currently
connected to. FreeRDP based server implementations are not affected.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2023-39283">CVE-2023-39283</a>
<p>All FreeRDP based clients when using the `/video` command line switch might
read uninitialized data, decode it as audio/video and display the result.
FreeRDP based server implementations are not affected.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2022-39316">CVE-2022-39316</a>
<p>In affected versions there is an out of bound read in ZGFX decoder component of
FreeRDP. A malicious server can trick a FreeRDP based client to read out of
bound data and try to decode it likely resulting in a crash.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2022-39318">CVE-2022-39318</a>
<p>Affected versions of FreeRDP are missing input validation in `urbdrc` channel.
A malicious server can trick a FreeRDP based client to crash with division by
zero.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2022-39319">CVE-2022-39319</a>
<p>Affected versions of FreeRDP are missing input length validation in the
`urbdrc` channel. A malicious server can trick a FreeRDP based client to read
out of bound data and send it back to the server.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2022-39347">CVE-2022-39347</a>
<p>Affected versions of FreeRDP are missing path canonicalization and base path
check for `drive` channel. A malicious server can trick a FreeRDP based client
to read files outside the shared directory.</p></li>
<li><a href="https://security-tracker.debian.org/tracker/CVE-2022-41877">CVE-2022-41877</a>
<p>Affected versions of FreeRDP are missing input length validation in `drive`
channel. A malicious server can trick a FreeRDP based client to read out of
bound data and send it back to the server.</p></li>
</ul>
<p>For Debian 10 buster, these problems have been fixed in version
2.3.0+dfsg1-2+deb10u4.</p>
<p>We recommend that you upgrade your freerdp2 packages.</p>
<p>For the detailed security status of freerdp2 please refer to
its security tracker page at:
<a href="https://security-tracker.debian.org/tracker/freerdp2">https://security-tracker.debian.org/tracker/freerdp2</a></p>
<p>Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <a href="https://wiki.debian.org/LTS">https://wiki.debian.org/LTS</a></p>
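<p>The kind of path canonicalization and base-path check that the `drive` channel
was missing (CVE-2022-39347), as an added example written for this advisory and
not FreeRDP's own code. The function names, the fixed component limit and the
`/srv/share` base directory are assumptions; the base is taken to be an
already-absolute path.</p>

```c
#include <stdbool.h>
#include <string.h>

/* Lexically canonicalize a server-supplied drive-channel path and refuse it if it
 * would escape the shared base directory. '/' and '\\' both separate components
 * (RDP drive paths are Windows-style); "." and empty components are dropped,
 * ".." pops one component, and popping past the base is rejected. */
bool drive_path_resolve(const char *base, const char *requested,
                        char *out, size_t outlen)
{
    const char *start[128];    /* kept components, pointing into `requested` */
    size_t len[128], depth = 0, used;
    if (!base || !requested || !out || outlen == 0) return false;
    for (const char *p = requested; ; ) {
        const char *s = p;
        while (*p && *p != '/' && *p != '\\')
            p++;
        size_t n = (size_t)(p - s);
        if (n == 2 && s[0] == '.' && s[1] == '.') {
            if (depth == 0) return false; /* "..": would climb above the share */
            depth--;
        } else if (n > 1 || (n == 1 && s[0] != '.')) {
            if (depth == 128) return false; /* more components than we track */
            start[depth] = s;
            len[depth++] = n;
        }                     /* else: empty or "." component, ignored */
        if (!*p) break;
        p++;                  /* skip the separator */
    }
    /* Rebuild "<base>/<c1>/<c2>..." into `out`, refusing silent truncation. */
    used = strlen(base);
    if (used >= outlen) return false;
    memcpy(out, base, used);
    for (size_t i = 0; i < depth; i++) {
        if (used + 1 + len[i] >= outlen) return false;
        out[used++] = '/';
        memcpy(out + used, start[i], len[i]);
        used += len[i];
    }
    out[used] = '\0';
    return true;
}

/* Check helper: true iff `requested` resolves to exactly `expect`
 * (expect == NULL means the request must be rejected). */
bool drive_path_check(const char *base, const char *requested, const char *expect)
{
    char out[512];
    bool ok = drive_path_resolve(base, requested, out, sizeof(out));
    return expect ? (ok && strcmp(out, expect) == 0) : !ok;
}
```

This check is purely lexical, so a symlink inside the share can still point
outside it; a production implementation should additionally resolve the rebuilt
path on the filesystem (for example with realpath()) and confirm it still starts
with the base directory before opening it.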
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/lts/security/2023/dla-3654.data"
# $Id: $