Fedora has issued an advisory today (December 16): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/ The issue is fixed upstream in 2.9.0.
Status comment: (none) => Fixed upstream in 2.9.0
Suggested advisory: ======================== The updated packages fix a security vulnerability: Affected versions of FreeRDP are missing input length validation in `drive` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. (CVE-2022-41877) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41877 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/ ======================== Updated packages in core/updates_testing: ======================== freerdp-2.2.0-1.5.mga8 lib(64)freerdp2-2.2.0-1.5.mga8 lib(64)freerdp-devel-2.2.0-1.5.mga8 from SRPM: freerdp-2.2.0-1.5.mga8.src.rpm
CVE: (none) => CVE-2022-41877Status comment: Fixed upstream in 2.9.0 => (none)CC: (none) => nicolas.salgueroStatus: NEW => ASSIGNEDAssignee: nicolas.salguero => qa-bugs
MGA8-64 MATE on Acer Aspire 5253 No installation issues Followed bug 31136 Comment 5 with the same effect: viaew OK, no mouse control. As this is the same , OK then.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA8-64-OK
Validating. Advisory in comment 1.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0474.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED