freerdp-2.2.0-7.el8
エラータID: AXSA:2021-2822:04
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.
Security Fix(es):
* freerdp: improper client input validation for gateway connections allows to overwrite memory (CVE-2021-41159)
* freerdp: improper region checks in all clients allow out of bound write to memory (CVE-2021-41160)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2021-41159
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway.
CVE-2021-41160
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.
Update packages.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than /gt:rdp connections if possible or use a direct connection without a gateway.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.
N/A
SRPMS
- freerdp-2.2.0-7.el8.src.rpm
MD5: c3307bae6756915e3dc162405ee7c7c7
SHA-256: eb0d89c2a8aa2bc2cbe0c98f30972ce1470b35921fb1a503c01b851d3caa7cd1
Size: 6.56 MB
Asianux Server 8 for x86_64
- freerdp-2.2.0-7.el8.x86_64.rpm
MD5: c38a1485dade8cb02b8a474e385b0918
SHA-256: 11379c9435ac56163c13fb0ae7fff5232a6f01cfe500ee62b93ea5e232517329
Size: 111.75 kB - freerdp-devel-2.2.0-7.el8.x86_64.rpm
MD5: ea29adeab821ab4c5d7b7ce0468d9ead
SHA-256: b0f6ea027c00b529487b6bc46e6509d1934ab8257d04f0adee1cbec9808edf57
Size: 137.21 kB - freerdp-libs-2.2.0-7.el8.x86_64.rpm
MD5: e45d006d8a9dab236cf1115a3ebdfcc3
SHA-256: 81e50c96fb7494f78d9fbe2f174a391dd494a125f12d0d1bb365bd8445979cc2
Size: 890.53 kB - libwinpr-2.2.0-7.el8.x86_64.rpm
MD5: fa578004b1f9153e48f1e7f1c4426148
SHA-256: 001254faf89d7a56f158af944cb734c8f41e8c9837b8c629cec6b9010e66523c
Size: 356.07 kB - libwinpr-devel-2.2.0-7.el8.x86_64.rpm
MD5: a5adba0102b069142fe41e2dea175460
SHA-256: 4fe57b17b833c2d01103ba9d80513397fbb9d0205235c5dda914d6137fe43ae9
Size: 172.30 kB - freerdp-devel-2.2.0-7.el8.i686.rpm
MD5: 8207055c96a7c8c889b095e7d2df168d
SHA-256: a71fa63376dfdd10f09415af6187c03dc13b29801e703ac88b76982f399495ee
Size: 137.21 kB - freerdp-libs-2.2.0-7.el8.i686.rpm
MD5: e9a0fde157d486084c00d2ae74dc044d
SHA-256: 46e7426f8bed65775c1558a13414c0e6e8f0440da3d177618bcd0f8731c17a82
Size: 840.80 kB - libwinpr-2.2.0-7.el8.i686.rpm
MD5: 4d09a790bdd76ac1205182db1c89ab9a
SHA-256: 0786f66928c8204ea618a803dded137241466619c9e5c28024ecf702f4159bf7
Size: 342.05 kB - libwinpr-devel-2.2.0-7.el8.i686.rpm
MD5: 7c03f81a41b03f2b3e61301371ec471e
SHA-256: 92e4cbbfe586b8d430fdb82cea779748f1992921d7619c34ae7a83fa7e4f3c88
Size: 172.32 kB