Advisories ยป MGASA-2020-0338

Updated freerdp packages fix security vulnerability

Publication date: 18 Aug 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-16135


Integer overflow due to missing input sanitation in rdpegfx channel. The input
rectangles from the server are not checked against local surface coordinates
and blindly accepted. A malicious server can send data that will crash the
client later on (invalid length arguments to a memcpy) (CVE-2020-15103).

The freerdp package has been updated to version 2.2.0, fixing this issue and
other bugs.