RedHat has issued an advisory on November 11:
https://access.redhat.com/errata/RHSA-2021:4622

The issues are fixed upstream in 2.4.1. Mageia 8 is also affected.

Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 2.4.1
Hi, For Cauldron, freerdp-2.4.1-2.mga9 solves the issue. Best regards, Nico.
CC: (none) => nicolas.salguero
Version: Cauldron => 8
Whiteboard: MGA8TOO => (none)

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway. (CVE-2021-41159)

In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or height the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1. (CVE-2021-41160)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41159
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41160
https://access.redhat.com/errata/RHSA-2021:4622
========================

Updated packages in core/updates_testing:
========================
freerdp-2.2.0-1.1.mga8
lib(64)freerdp-devel-2.2.0-1.1.mga8
lib(64)freerdp2-2.2.0-1.1.mga8

from SRPM:
freerdp-2.2.0-1.1.mga8.src.rpm

Status comment: Fixed upstream in 2.4.1 => (none)
Source RPM: freerdp-2.4.0-2.mga9.src.rpm => freerdp-2.2.0-1.mga8.src.rpm
Status: NEW => ASSIGNED
CVE: (none) => CVE-2021-41159, CVE-2021-41160
Assignee: bugsquad => qa-bugs
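Added example (not part of this bug report and not FreeRDP's code): the kind of check the CVE-2021-41160 description says was missing, rejecting zero-sized and out-of-bounds rectangles before anything is written. The types `surface_t` and `rect_t`, the function names and the 4-bytes-per-pixel layout are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical types for illustration; not FreeRDP's own structures. */
typedef struct { uint32_t width, height; uint8_t *pixels; } surface_t; /* 4 bytes/pixel */
typedef struct { uint32_t left, top, width, height; } rect_t;

/* True only if the rectangle is non-empty and lies fully inside the surface. */
bool rect_in_surface(const surface_t *s, const rect_t *r)
{
    if (r->width == 0 || r->height == 0)
        return false;              /* zero area: nothing valid to allocate or write */
    if (r->left >= s->width || r->top >= s->height)
        return false;
    /* Subtraction form avoids the 32-bit wraparound of left + width. */
    if (r->width > s->width - r->left || r->height > s->height - r->top)
        return false;
    return true;
}

/* Copy a server-supplied tile into the surface; writes nothing on bad input. */
bool blit_checked(surface_t *s, const rect_t *r, const uint8_t *src, size_t src_len)
{
    if (!rect_in_surface(s, r))
        return false;
    size_t row = (size_t)r->width * 4;
    if (src_len / row < r->height) /* source must hold every row; no multiply overflow */
        return false;
    for (uint32_t y = 0; y < r->height; y++) {
        uint8_t *dst = s->pixels + ((size_t)(r->top + y) * s->width + r->left) * 4;
        memcpy(dst, src + (size_t)y * row, row);
    }
    return true;
}

/* Constructed sample: 8x8 surface and a source buffer sized for a full-surface tile. */
bool try_blit(uint32_t left, uint32_t top, uint32_t width, uint32_t height)
{
    static uint8_t pixels[8 * 8 * 4], src[8 * 8 * 4];
    surface_t s = { 8, 8, pixels };
    rect_t r = { left, top, width, height };
    return blit_checked(&s, &r, src, sizeof src);
}

int main(void) { return (try_blit(0, 0, 8, 8) && !try_blit(0, 0, 0, 0)) ? 0 : 1; }
```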
Mageia 8 X64 Gnome

# urpmi --media "Core Updates testing" freerdp
Pour satisfaire les dépendances, les paquetages suivants vont être installés :
  Paquetage                      Version      Révision      Arch
(média « Core Updates Testing »)
  freerdp                        2.2.0        1.1.mga8      x86_64
  lib64freerdp2                  2.2.0        1.1.mga8      x86_64
un espace additionnel de 4.8Mo sera utilisé.
1.4Mo de paquets seront récupérés.
Procéder à l'installation des 2 paquetages ? (O/n) o

    $MIRRORLIST: media/core/updates_testing/lib64freerdp2-2.2.0-1.1.mga8.x86_64.rpm
    $MIRRORLIST: media/core/updates_testing/freerdp-2.2.0-1.1.mga8.x86_64.rpm
installation de freerdp-2.2.0-1.1.mga8.x86_64.rpm lib64freerdp2-2.2.0-1.1.mga8.x86_64.rpm depuis /var/cache/urpmi/rpms
Préparation...                   #############################################
      1/2: lib64freerdp2         #############################################
      2/2: freerdp               #############################################

Freerdp is installed but I can't launch the application either with a terminal (command not found) or by the menu.
CC: (none) => hdetavernier
The command to launch is xfreerdp.
When in doubt, use rpm -q -l $package|grep bin/

# rpm -q -l freerdp|grep bin/
/usr/bin/freerdp-proxy
/usr/bin/freerdp-shadow-cli
/usr/bin/winpr-hash
/usr/bin/winpr-makecert
/usr/bin/wlfreerdp
/usr/bin/xfreerdp
CC: (none) => davidwhodgins
Thanks David, xfreerdp works fine with command line and Windows 10.
Ok here, I have connected with windows server with remmina, all ok. I don't see issues for the moment.
CC: (none) => joselpddj
Installed and tested without issue.

Don't usually use RDP so I did some quick tests by connecting to a Windows 10 in a QEMU/KVM VM. It worked as expected. No issues noticed.

$ uname -a
Linux marte 5.10.78-desktop-1.mga8 #1 SMP Sat Nov 6 13:40:04 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

$ rpm -qa | grep freerdp
freerdp-2.2.0-1.1.mga8
lib64freerdp2-2.2.0-1.1.mga8

$ xfreerdp /u:pclx /v:192.168.1.172 /w:1920 /h:1080 /f
[16:10:35:737] [9422:9423] [INFO][com.freerdp.core] - freerdp_connect:freerdp_set_last_error_ex resetting error state
[16:10:35:738] [9422:9423] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpdr
[16:10:35:738] [9422:9423] [INFO][com.freerdp.client.common.cmdline] - loading channelEx rdpsnd
[16:10:35:738] [9422:9423] [INFO][com.freerdp.client.common.cmdline] - loading channelEx cliprdr
[16:10:35:084] [9422:9423] [INFO][com.freerdp.primitives] - primitives autodetect, using optimized
[16:10:35:089] [9422:9423] [INFO][com.freerdp.core] - freerdp_tcp_is_hostname_resolvable:freerdp_set_last_error_ex resetting error state
[16:10:35:089] [9422:9423] [INFO][com.freerdp.core] - freerdp_tcp_connect:freerdp_set_last_error_ex resetting error state
[16:10:35:130] [9422:9423] [WARN][com.freerdp.crypto] - Certificate verification failure 'self signed certificate (18)' at stack position 0
[16:10:35:130] [9422:9423] [WARN][com.freerdp.crypto] - CN = marte-vm-windows-10
Password:
[16:10:41:931] [9422:9423] [INFO][com.freerdp.gdi] - Local framebuffer format PIXEL_FORMAT_BGRX32
[16:10:41:931] [9422:9423] [INFO][com.freerdp.gdi] - Remote framebuffer format PIXEL_FORMAT_RGB16
[16:10:41:945] [9422:9423] [INFO][com.winpr.clipboard] - initialized POSIX local file subsystem
[16:10:41:975] [9422:9423] [INFO][com.freerdp.channels.rdpsnd.client] - [static] Loaded fake backend for rdpsnd
[16:10:48:299] [9422:9423] [INFO][com.freerdp.core] - rdp_set_error_info:freerdp_set_last_error_ex resetting error state
[16:11:54:884] [9422:9423] [INFO][com.freerdp.core] - ERRINFO_RPC_INITIATED_DISCONNECT_BY_USER (0x0000000B):The disconnection was initiated by an administrative tool on the server running in the user's session.
[16:11:54:884] [9422:9423] [ERROR][com.freerdp.core] - rdp_set_error_info:freerdp_set_last_error_ex ERRINFO_RPC_INITIATED_DISCONNECT_BY_USER [0x0001000B]
CC: (none) => mageia
Fedora has issued an advisory for this on November 17: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/DWJXQOWKNR7O5HM2HFJOM4GBUFPTE3RG/
MGA8-64 on GNOME

The following 2 packages are going to be installed:

- freerdp-2.2.0-1.1.mga8.x86_64
- lib64freerdp2-2.2.0-1.1.mga8.x86_64

no install issues

$ xfreerdp -f 192.xx:3389

Full screen worked fine. I did not see any issues; works for me.

Whiteboard: (none) => MGA8-64-OK
CC: (none) => brtians1
Always happy to see lots of tests! Validating. Advisory in Comment 2.
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0522.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED