1. Forum
  2. Usenet
  3. LINUX.GENTOO.ANNOUNCE

  • [gentoo-announce] [ GLSA 202210-24 ] FreeRDP: Multiple Vulnerabilities

    From glsamaker@gentoo.org@21:1/5 to All on Mon Oct 31 03:20:01 2022
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202210-24
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
    Title: FreeRDP: Multiple Vulnerabilities
    Date: October 31, 2022
    Bugs: #876905, #842231, #819534
    ID: 202210-24

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    Multiple vulenrabilities have been found in FreeRDP, the worst of which
    could result in remote code execution.

    Background
    ==========

    FreeRDP is a free implementation of the remote desktop protocol.

    Affected packages
    =================

    -------------------------------------------------------------------
    Package / Vulnerable / Unaffected
    -------------------------------------------------------------------
    1 net-misc/freerdp < 2.8.1 >= 2.8.1

    Description
    ===========

    Multiple vulnerabilities have been discovered in FreeRDP. Please review
    the CVE identifiers referenced below for details.

    Impact
    ======

    Please review the referenced CVE identifiers for details.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All FreeRDP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-misc/freerdp-2.8.1"

    References
    ==========

    [ 1 ] CVE-2021-41159
    https://nvd.nist.gov/vuln/detail/CVE-2021-41159
    [ 2 ] CVE-2021-41160
    https://nvd.nist.gov/vuln/detail/CVE-2021-41160
    [ 3 ] CVE-2022-24882
    https://nvd.nist.gov/vuln/detail/CVE-2022-24882
    [ 4 ] CVE-2022-24883
    https://nvd.nist.gov/vuln/detail/CVE-2022-24883
    [ 5 ] CVE-2022-39282
    https://nvd.nist.gov/vuln/detail/CVE-2022-39282
    [ 6 ] CVE-2022-39283
    https://nvd.nist.gov/vuln/detail/CVE-2022-39283

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202210-24

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License
    =======

    Copyright 2022 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmNfIhsACgkQFMQkOaVy +9lpwBAAy5Mgl9Wb176WXCZuKNOj5Om03MLuGKW8aMi9DEWBSzC4Pt1geKhM6Oca wCUmoEU3AQLwJV/Vljwz4x/i5+YaAZfPFT9rNiJgE4xdAESWFzQRqFMDmyVTCrr+ 20grb+OLrktU0eB7x7e4L+LAMLoj/+JOkMgEHYmjIg28naOC3dMYqBo6TAg11v/+ UE3nSHbypWQomy0P+GaOS8j6x7zOWXK4wYtuBknGSCenZ1zKTBZpLseQKGWo4gfh Bcpm2feNSa4y17dY5MXAVZgSyqqvSAfrAl8km9nWjGH8nh45pDyWHr1uBOy3dRuH 1s0W1bbi3NXJJn6rjiujbUzcfhq16CdDDE/M9vqs8gGtk543ahv0nsjoCMAQYUWG L2P2hvZ00ZQirwHayL/Prc0wBob3iXPIocvfeOlV9Vcpvq2tdB25puTUdi8UQDmp TLlSQtQEF8xR5v4+Kxe2jbiLeJj/olbbYNmdEe6SAN4RVIwao5g7tg1MfjbGO6wl MHQmz7xaaq75mZECJ1j/nkxdnb1AO25KdwWTJ7pPMgoXvC7Khns/1R6IIJRycWCD CNeObReck+Lf+8qpzeBx1f5/fB4TyWb6TsT9meAwu4Fjqmpx5DgyRkFewDscRjY5 xw1/soEXPO7W05ArY1uZ1A/HtcK0sbkGmlHFHYs+Jba2TPRDxwk=
    =xZaj
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)