| Summary: | freerdp new security issue CVE-2022-41877 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, herman.viaene, nicolas.salguero, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | freerdp-2.2.0-1.4.mga8.src.rpm | CVE: | CVE-2022-41877 |
| Status comment: | |||
|
Description
David Walser
2022-12-16 16:00:19 CET
David Walser
2022-12-16 16:00:31 CET
Status comment:
(none) =>
Fixed upstream in 2.9.0 Suggested advisory: ======================== The updated packages fix a security vulnerability: Affected versions of FreeRDP are missing input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. (CVE-2022-41877) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41877 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/ ======================== Updated packages in core/updates_testing: ======================== freerdp-2.2.0-1.5.mga8 lib(64)freerdp2-2.2.0-1.5.mga8 lib(64)freerdp-devel-2.2.0-1.5.mga8 from SRPM: freerdp-2.2.0-1.5.mga8.src.rpm CVE:
(none) =>
CVE-2022-41877 MGA8-64 MATE on Acer Aspire 5253 No installation issues Followed bug 31136 Comment 5 with the same effect: viaew OK, no mouse control. As this is the same , OK then. CC:
(none) =>
herman.viaene Validating. Advisory in comment 1. Keywords:
(none) =>
validated_update
Dave Hodgins
2022-12-17 18:34:39 CET
CC:
(none) =>
davidwhodgins An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0474.html Resolution:
(none) =>
FIXED |