Updated freerdp packages fix security vulnerability
Publication date: 18 Aug 2020
Modification date: 18 Aug 2020
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-16135
Description
Integer overflow due to missing input sanitization in the rdpegfx channel. The input rectangles from the server are not checked against local surface coordinates and are blindly accepted. A malicious server can send data that will crash the client later on, through invalid length arguments to a memcpy (CVE-2020-15103). The freerdp package has been updated to version 2.2.0, fixing this issue and other bugs.
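The class of check the description says was missing, as an added example that is not FreeRDP's code or its actual fix: a server-supplied rectangle is validated against the local surface before any copy length is derived from it. The `rect16` and `surface` types, the exclusive right/bottom convention and 4 bytes per pixel are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical types for illustration; not FreeRDP's structures. */
typedef struct { uint16_t left, top, right, bottom; } rect16; /* from server; right/bottom exclusive (assumed) */
typedef struct { uint32_t width, height, stride; uint8_t *data; } surface; /* local; stride in bytes */
enum { BPP = 4 }; /* assumed bytes per pixel */

/* True only if r is non-empty, correctly ordered and entirely inside s. */
bool rect_fits_surface(const rect16 *r, const surface *s)
{
    if (r->left >= r->right || r->top >= r->bottom)
        return false; /* inverted: right - left would go negative, then huge as size_t */
    return r->right <= s->width && r->bottom <= s->height;
}

/* Copy tightly packed pixels for r from src into s. Copies nothing on bad input. */
bool blit_rect(surface *s, const rect16 *r, const uint8_t *src, size_t src_len)
{
    if (!s->data || !src || (uint64_t)s->width * BPP > s->stride)
        return false;
    if (!rect_fits_surface(r, s))
        return false;
    size_t row = (size_t)(r->right - r->left) * BPP; /* at most 65535 * 4 */
    size_t rows = (size_t)(r->bottom - r->top);
    if ((uint64_t)row * rows > src_len)
        return false; /* source shorter than the rectangle claims */
    for (size_t y = 0; y < rows; y++) {
        uint8_t *dst = s->data + ((size_t)r->top + y) * s->stride + (size_t)r->left * BPP;
        memcpy(dst, src + y * row, row);
    }
    return true;
}

int main(void)
{
    uint8_t pixels[8 * 8 * BPP] = { 0 }, src[2 * 2 * BPP];
    surface s = { 8, 8, 8 * BPP, pixels };
    rect16 inside = { 2, 2, 4, 4 }, inverted = { 4, 2, 2, 4 }, outside = { 6, 6, 9, 8 };
    memset(src, 0xAA, sizeof src);
    printf("inside=%d inverted=%d outside=%d\n", blit_rect(&s, &inside, src, sizeof src),
           blit_rect(&s, &inverted, src, sizeof src), blit_rect(&s, &outside, src, sizeof src));
    return 0;
}
```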
SRPMS
7/core
- freerdp-2.2.0-1.mga7