freerdp-2.11.7-1.el9_7.2
エラータID: AXSA:2026-233:05
リリース日:
2026/02/27 Friday - 16:24
題名:
freerdp-2.11.7-1.el9_7.2
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- FreeRDP には、メモリ領域の範囲外読み取りの問題があるため、
リモートの攻撃者により、情報の漏洩、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2026-22855)
- FreeRDP の Base64 デコード処理には、char 型の符号の有無の
取り違えに起因したメモリ領域の範囲外書き込みの問題があるため、
リモートの攻撃者により、情報の漏洩、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2026-22858)
- FreeRDP には、メモリ領域の範囲外読み取りの問題があるため、
リモートの攻撃者により、情報の漏洩、およびサービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2026-22859)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2026-22855
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1.
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1.
CVE-2026-22858
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c <= 0 can be optimized into a simple c != 0 check. As a result, non-ASCII bytes (e.g., 0x80-0xFF) may bypass the intended range restriction and be used as an index into a global lookup table, causing out-of-bounds access. This vulnerability is fixed in 3.20.1.
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c <= 0 can be optimized into a simple c != 0 check. As a result, non-ASCII bytes (e.g., 0x80-0xFF) may bypass the intended range restriction and be used as an index into a global lookup table, causing out-of-bounds access. This vulnerability is fixed in 3.20.1.
CVE-2026-22859
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server‑supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out‑of‑bounds read. This vulnerability is fixed in 3.20.1.
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, the URBDRC client does not perform bounds checking on server‑supplied MSUSB_INTERFACE_DESCRIPTOR values and uses them as indices in libusb_udev_complete_msconfig_setup, causing an out‑of‑bounds read. This vulnerability is fixed in 3.20.1.
追加情報:
N/A
ダウンロード:
SRPMS
- freerdp-2.11.7-1.el9_7.2.src.rpm
MD5: 68e7b97c125b4ee878ee4a055b50b553
SHA-256: 75a6bbb7b82f0bd011399269c80cbf994da0052f04f7b7e4c25112ca2d6d3a43
Size: 7.00 MB
Asianux Server 9 for x86_64
- freerdp-2.11.7-1.el9_7.2.x86_64.rpm
MD5: 68e1fd55ebbc031a8e898415495b2608
SHA-256: 47d6c7ff7a12b3163bbabcfac79ddd13487cb49c0c6dd5118c25769dcb1e49e1
Size: 111.11 kB - freerdp-devel-2.11.7-1.el9_7.2.i686.rpm
MD5: ee2dfa9c57bea0947175f3f194e770de
SHA-256: 581ee3ce8bd2253abd965b4c6b1fdece0cae979f33d70fa123bbff47aa671ed4
Size: 175.42 kB - freerdp-devel-2.11.7-1.el9_7.2.x86_64.rpm
MD5: 1b61cd690f12cef5bc573d2cd9fe304d
SHA-256: dc72543f55e0fe5b4f5760c07aa973cecbf14b94320f3509c60509955b657af3
Size: 175.43 kB - freerdp-libs-2.11.7-1.el9_7.2.i686.rpm
MD5: d390299015c1958d89b298e47d878980
SHA-256: cbbb8c7c1b695fa67bad67cec59551e943c7d57930133a7957b0f409fbf9b65c
Size: 848.64 kB - freerdp-libs-2.11.7-1.el9_7.2.x86_64.rpm
MD5: 7b5ee87b2c2094b8ac3487d759412808
SHA-256: 5cf657061a94f76c722bbd2226f1d036c8174fa3176ae495520282bb43f9304e
Size: 904.33 kB - libwinpr-2.11.7-1.el9_7.2.i686.rpm
MD5: a35f09099e78703e3bf5f2c83d39653f
SHA-256: 8a0a97f779ec36469e7b326686408fda222ce0b7f9023dd568554f5e0aead84d
Size: 338.20 kB - libwinpr-2.11.7-1.el9_7.2.x86_64.rpm
MD5: ee91df153b1b5b5fffc96d8ca2ec4e0b
SHA-256: 2fd2bba05a9c962c2af1ff3b5e44cfffd209a553ecf9ef05ba4c13f5bd869586
Size: 353.67 kB - libwinpr-devel-2.11.7-1.el9_7.2.i686.rpm
MD5: 48d98862100896b8e71e683dff142a4b
SHA-256: 43c52ad27c2db7cd5726886a138eb28405721a67cfb2d3db4ee9564384b97426
Size: 181.29 kB - libwinpr-devel-2.11.7-1.el9_7.2.x86_64.rpm
MD5: ce14f68849f76a03a1879abddb9db0ea
SHA-256: 63ec0c6a1f4951609655fb057614edadbf0d669f91929cc5ad5196beb86d36c2
Size: 181.30 kB
English