Ubuntu has issued an advisory on March 11: https://ubuntu.com/security/notices/USN-7341-1 Fix: https://salsa.debian.org/debian-remote-team/freerdp2/-/blob/master/debian/patches/CVE-2024-32661.patch?ref_type=heads
Source RPM: (none) => freerdp-2.11.7-2.mga10.src.rpm, freerdp-2.11.7-1.mga9.src.rpmStatus comment: (none) => Patch available from DebianWhiteboard: (none) => MGA9TOOCVE: (none) => CVE-2024-32661
Thanks for the fix pointer. Assigning directly to DavidG as you are the visible packager for this.
Assignee: bugsquad => geiger.david68210
Suggested advisory: ======================== The updated packages fix a security vulnerability: FreeRDP rdp_write_logon_info_v1 NULL access. (CVE-2024-32661) References: https://ubuntu.com/security/notices/USN-7341-1 ======================== Updated packages in core/updates_testing: ======================== freerdp-2.11.7-1.1.mga9 lib(64)freerdp2-2.11.7-1.1.mga9 lib(64)freerdp-devel-2.11.7-1.1.mga9 from SRPM: freerdp-2.11.7-1.1.mga9.src.rpm
Status comment: Patch available from Debian => (none)Source RPM: freerdp-2.11.7-2.mga10.src.rpm, freerdp-2.11.7-1.mga9.src.rpm => freerdp-2.11.7-1.mga9.src.rpmStatus: NEW => ASSIGNEDAssignee: geiger.david68210 => qa-bugs
Whiteboard: MGA9TOO => (none)Keywords: (none) => advisoryVersion: Cauldron => 9
Xfce, MGA9-64 on old Chromebook Installed freerdp and lib64freerdp Connected to a virtualbox instance using $ xfreerdp -f <ip> worked as expected.
Whiteboard: (none) => MGA9-64-OKCC: (none) => brtians1
Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0108.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED