Source: freerdp2
Version: 2.8.1+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,

The following vulnerabilities were published for freerdp2.

CVE-2022-39316[0]:
| FreeRDP is a free remote desktop protocol library and clients. In
| affected versions there is an out of bound read in ZGFX decoder
| component of FreeRDP. A malicious server can trick a FreeRDP based
| client to read out of bound data and try to decode it likely resulting
| in a crash. This issue has been addressed in the 2.9.0 release. Users
| are advised to upgrade.

CVE-2022-39317[1]:
| FreeRDP is a free remote desktop protocol library and clients.
| Affected versions of FreeRDP are missing a range check for input
| offset index in ZGFX decoder. A malicious server can trick a FreeRDP
| based client to read out of bound data and try to decode it. This
| issue has been addressed in version 2.9.0. There are no known
| workarounds for this issue.

CVE-2022-39318[2]:
| FreeRDP is a free remote desktop protocol library and clients.
| Affected versions of FreeRDP are missing input validation in `urbdrc`
| channel. A malicious server can trick a FreeRDP based client to crash
| with division by zero. This issue has been addressed in version 2.9.0.
| All users are advised to upgrade. Users unable to upgrade should not
| use the `/usb` redirection switch.

CVE-2022-39319[3]:
| FreeRDP is a free remote desktop protocol library and clients.
| Affected versions of FreeRDP are missing input length validation in
| the `urbdrc` channel. A malicious server can trick a FreeRDP based
| client to read out of bound data and send it back to the server. This
| issue has been addressed in version 2.9.0 and all users are advised to
| upgrade. Users unable to upgrade should not use the `/usb` redirection
| switch.

CVE-2022-39320[4]:
| FreeRDP is a free remote desktop protocol library and clients.
| Affected versions of FreeRDP may attempt integer addition on too
| narrow types, which leads to allocation of a buffer too small to hold
| the data written. A malicious server can trick a FreeRDP based client
| to read out of bound data and send it back to the server. This issue
| has been addressed in version 2.9.0 and all users are advised to
| upgrade. Users unable to upgrade should not use the `/usb`
| redirection switch.

CVE-2022-39347[5]:
| FreeRDP is a free remote desktop protocol library and clients.
| Affected versions of FreeRDP are missing path canonicalization and
| base path check for `drive` channel. A malicious server can trick a
| FreeRDP based client to read files outside the shared directory. This
| issue has been addressed in version 2.9.0 and all users are advised to
| upgrade. Users unable to upgrade should not use the `/drive`,
| `/drives` or `+home-drive` redirection switch.

CVE-2022-41877[6]:
| FreeRDP is a free remote desktop protocol library and clients.
| Affected versions of FreeRDP are missing input length validation in
| `drive` channel. A malicious server can trick a FreeRDP based client
| to read out of bound data and send it back to the server. This issue
| has been addressed in version 2.9.0 and all users are advised to
| upgrade. Users unable to upgrade should not use the drive redirection
| channel - command line options `/drive`, `+drives` or `+home-drive`.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-39316
    https://www.cve.org/CVERecord?id=CVE-2022-39316
[1] https://security-tracker.debian.org/tracker/CVE-2022-39317
    https://www.cve.org/CVERecord?id=CVE-2022-39317
[2] https://security-tracker.debian.org/tracker/CVE-2022-39318
    https://www.cve.org/CVERecord?id=CVE-2022-39318
[3] https://security-tracker.debian.org/tracker/CVE-2022-39319
    https://www.cve.org/CVERecord?id=CVE-2022-39319
[4] https://security-tracker.debian.org/tracker/CVE-2022-39320
    https://www.cve.org/CVERecord?id=CVE-2022-39320
[5] https://security-tracker.debian.org/tracker/CVE-2022-39347
    https://www.cve.org/CVERecord?id=CVE-2022-39347
[6] https://security-tracker.debian.org/tracker/CVE-2022-41877
    https://www.cve.org/CVERecord?id=CVE-2022-41877

Regards,
Salvatore
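As an added illustration of the two controls that the CVE-2022-39347 text describes as missing from the `drive` channel (path canonicalization, then a base path check), here is example C code written for this page; it is not FreeRDP's drive channel implementation and does not reproduce the fixed code. The function name `resolve_shared_path`, the shared directory `/home/user/shared`, the acceptance of both `\` and `/` as separators, and the cap of 128 path components are assumptions of the example. The requested paths in `main` are constructed inputs, not captured server traffic.

```c
/*
 * Added example, not FreeRDP code: lexically canonicalise a path that a
 * remote RDP server requests on a redirected drive, then confirm the
 * result stays inside the locally shared base directory.
 *
 * Assumptions (the example's own): separators may be '\\' or '/', the
 * base directory has no trailing slash, at most 128 path components.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_PATH_LEN 1024
#define MAX_COMPONENTS 128

/*
 * Resolve `requested` (server-supplied, untrusted) relative to `base`
 * (trusted local share root) into `out`.  "." components are dropped,
 * ".." pops the previous component, and any ".." that would climb above
 * the share root is rejected.  Returns true only when the resolved path
 * is `base` itself or lies strictly below it.
 */
bool resolve_shared_path(const char *base, const char *requested,
                         char *out, size_t out_len)
{
    const char *comp[MAX_COMPONENTS];   /* surviving components */
    size_t comp_len[MAX_COMPONENTS];
    size_t ncomp = 0;

    if (!base || !requested || !out)
        return false;

    size_t base_len = strlen(base);
    if (base_len == 0 || base_len >= out_len)
        return false;

    /* Step 1: canonicalise lexically. */
    const char *p = requested;
    while (*p) {
        while (*p == '\\' || *p == '/')      /* skip runs of separators */
            p++;
        if (!*p)
            break;
        const char *start = p;
        while (*p && *p != '\\' && *p != '/')
            p++;
        size_t len = (size_t)(p - start);

        if (len == 1 && start[0] == '.')
            continue;                        /* "." is a no-op */
        if (len == 2 && start[0] == '.' && start[1] == '.') {
            if (ncomp == 0)
                return false;                /* ".." above share root */
            ncomp--;
            continue;
        }
        if (ncomp == MAX_COMPONENTS)
            return false;                    /* deeper than this example allows */
        comp[ncomp] = start;
        comp_len[ncomp] = len;
        ncomp++;
    }

    /* Step 2: rebuild as base + "/" + component ... with bounds checks. */
    memcpy(out, base, base_len);
    size_t pos = base_len;
    for (size_t i = 0; i < ncomp; i++) {
        if (pos + 1 + comp_len[i] >= out_len)
            return false;
        out[pos++] = '/';
        memcpy(out + pos, comp[i], comp_len[i]);
        pos += comp_len[i];
    }
    out[pos] = '\0';

    /*
     * Step 3: explicit base path check.  The construction above already
     * guarantees this, but the check is kept so that a later change to
     * step 1 or 2 cannot silently let a path escape the share.
     */
    if (strncmp(out, base, base_len) != 0)
        return false;
    return out[base_len] == '\0' || out[base_len] == '/';
}

int main(void)
{
    const char *base = "/home/user/shared";      /* constructed share root */
    const char *requests[] = {                   /* constructed inputs */
        "\\docs\\.\\report.txt",
        "\\docs\\..\\..\\etc\\passwd",
        "\\a\\..\\b",
        "\\..\\x",
    };
    char out[MAX_PATH_LEN];
    for (size_t i = 0; i < sizeof(requests) / sizeof(requests[0]); i++) {
        bool ok = resolve_shared_path(base, requests[i], out, sizeof(out));
        printf("%-32s -> %s\n", requests[i], ok ? out : "REJECTED");
    }
    return 0;
}
```

Lexical canonicalisation alone does not account for symbolic links that already exist inside the share; a real client should additionally resolve the rebuilt path with realpath(3) and repeat the prefix comparison on the result. Length checks on the incoming path (the subject of CVE-2022-41877) are a separate control and are assumed to have been applied before this function is reached.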