Ubuntu Security Notice USN-5734-1
Ubuntu Security Notice 5734-1 - It was discovered that FreeRDP incorrectly handled certain data lengths. A malicious server could use this issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. It was discovered that FreeRDP incorrectly handled certain data lengths. A malicious server could use this issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly obtain sensitive information.
==========================================================================
Ubuntu Security Notice USN-5734-1
November 22, 2022

freerdp2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in FreeRDP.

Software Description:
- freerdp2: RDP client for Windows Terminal Services

Details:

It was discovered that FreeRDP incorrectly handled certain data lengths. A
malicious server could use this issue to cause FreeRDP clients to crash,
resulting in a denial of service, or possibly obtain sensitive information.
This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu
22.04 LTS. (CVE-2022-39282, CVE-2022-39283)

It was discovered that FreeRDP incorrectly handled certain data lengths. A
malicious server could use this issue to cause FreeRDP clients to crash,
resulting in a denial of service, or possibly obtain sensitive information.
(CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319,
CVE-2022-39320)

It was discovered that FreeRDP incorrectly handled certain path checks. A
malicious server could use this issue to cause FreeRDP clients to read
files outside of the shared directory. (CVE-2022-39347)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.10:
  libfreerdp-client2-2            2.8.1+dfsg1-0ubuntu1.1
  libfreerdp-server2-2            2.8.1+dfsg1-0ubuntu1.1

Ubuntu 22.04 LTS:
  libfreerdp-client2-2            2.6.1+dfsg1-3ubuntu2.3
  libfreerdp-server2-2            2.6.1+dfsg1-3ubuntu2.3

Ubuntu 20.04 LTS:
  libfreerdp-client2-2            2.2.0+dfsg1-0ubuntu0.20.04.4
  libfreerdp-server2-2            2.2.0+dfsg1-0ubuntu0.20.04.4

Ubuntu 18.04 LTS:
  libfreerdp-client2-2            2.2.0+dfsg1-0ubuntu0.18.04.4
  libfreerdp-server2-2            2.2.0+dfsg1-0ubuntu0.18.04.4

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5734-1
  CVE-2022-39282, CVE-2022-39283, CVE-2022-39316, CVE-2022-39317,
  CVE-2022-39318, CVE-2022-39319, CVE-2022-39320, CVE-2022-39347

Package Information:
  https://launchpad.net/ubuntu/+source/freerdp2/2.8.1+dfsg1-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/freerdp2/2.6.1+dfsg1-3ubuntu2.3
  https://launchpad.net/ubuntu/+source/freerdp2/2.2.0+dfsg1-0ubuntu0.20.04.4
  https://launchpad.net/ubuntu/+source/freerdp2/2.2.0+dfsg1-0ubuntu0.18.04.4
Related news
Gentoo Linux Security Advisory 202401-16 - Multiple vulnerabilities have been discovered in FreeRDP, the worst of which could result in code execution. Versions greater than or equal to 2.11.0 are affected.
Red Hat Security Advisory 2023-2851-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include buffer overflow and out of bounds read vulnerabilities.
An update for freerdp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-39282: A vulnerability was found in FreeRDP where clients on UNIX systems using /parallel command line switch might read uninitialized data and send it to the client's server. The vulnerability allows a remote attacker to gain access to sensitive information. * CVE-2022-39283: A vulnerability was found in FreeRDP where all clients using the /video comma...
An update for freerdp is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-39282: A vulnerability was found in FreeRDP where clients on UNIX systems using /parallel command line switch might read uninitialized data and send it to the client's server. The vulnerability allows a remote attacker to gain access to sensitive information. * CVE-2022-39283: A vulnerability was found in FreeRDP where all clients using the /video comma...
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX decoder. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it. This issue has been addressed in version 2.9.0. There are no known workarounds for this issue.
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc` channel. A malicious server can trick a FreeRDP based client to crash with division by zero. This issue has been addressed in version 2.9.0. All users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the `urbdrc` channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too-narrow types, leading to allocation of a buffer too small to hold the data written. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch.
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for `drive` channel. A malicious server can trick a FreeRDP based client to read files outside the shared directory. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/drive`, `/drives` or `+home-drive` redirection switch.
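The check that the notice's CVE-2022-39347 entry and the item above describe as missing (path canonicalization plus a base-directory check for the `drive` channel), as an added defender-side example in C that is not FreeRDP's own code: it lexically normalises `.`, `..` and separator runs in a server-supplied path and rejects any request that would leave the share. The function and parameter names are assumed.

```c
#include <stdbool.h>
#include <string.h>

/* Lexically canonicalise a server-supplied drive-channel path against the
 * shared base directory. Returns true and writes "<base>/<normalised>" to
 * out when every ".." stays inside the share; returns false when the path
 * would escape it, is too deep, or does not fit. '/' and '\\' are both
 * separators because RDP file names use backslashes. Constructed example. */
bool drive_path_within_base(const char *base, const char *req,
                            char *out, size_t outlen)
{
    size_t starts[64];            /* offset in out where each component begins */
    size_t depth = 0;
    size_t blen = strlen(base);
    if (blen == 0 || blen + 2 > outlen)
        return false;
    memcpy(out, base, blen);
    size_t pos = blen;
    while (pos > 0 && (out[pos - 1] == '/' || out[pos - 1] == '\\'))
        pos--;                    /* drop trailing separators from base */

    const char *p = req;
    while (*p) {
        while (*p == '/' || *p == '\\')
            p++;                  /* collapse runs of separators */
        if (!*p)
            break;
        const char *s = p;
        while (*p && *p != '/' && *p != '\\')
            p++;
        size_t len = (size_t)(p - s);
        if (len == 1 && s[0] == '.')
            continue;             /* "." is a no-op */
        if (len == 2 && s[0] == '.' && s[1] == '.') {
            if (depth == 0)
                return false;     /* ".." at the share root: traversal */
            pos = starts[--depth]; /* pop the previous component */
            continue;
        }
        if (depth == sizeof starts / sizeof starts[0] || pos + len + 2 > outlen)
            return false;         /* too deep or would overflow out */
        starts[depth++] = pos;
        out[pos++] = '/';
        memcpy(out + pos, s, len);
        pos += len;
    }
    out[pos] = '\0';
    return true;
}
```

The check is purely lexical; a share that contains symlinks still needs a realpath-style check on the opened file before data is returned.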
FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade.
FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch.