Advisories » MGASA-2020-0338

Updated freerdp packages fix security vulnerability

Publication date: 18 Aug 2020
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-16135

Description

Integer overflow due to missing input sanitization in the rdpegfx channel. The
input rectangles from the server are not checked against local surface
coordinates and are blindly accepted. A malicious server can send data that will
later crash the client (invalid length arguments to a memcpy) (CVE-2020-15103).
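
An added illustration of the missing check described above, in C. It is not
FreeRDP's code or its patch; the rect16 and surface types, the exclusive
right/bottom convention and the 4-bytes-per-pixel layout are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical types for illustration; not FreeRDP's structures. */
typedef struct { uint16_t left, top, right, bottom; } rect16; /* right/bottom exclusive */
typedef struct { uint32_t width, height, stride; uint8_t *data; } surface; /* 4 bytes/pixel */

/* True only if the server-supplied rectangle is non-empty, correctly
 * ordered, and lies entirely inside the local surface. */
bool rect_fits_surface(const rect16 *r, const surface *s)
{
    if (s->data == NULL || s->stride / 4 < s->width)
        return false;   /* surface itself is inconsistent */
    if (r->left >= r->right || r->top >= r->bottom)
        return false;   /* empty or inverted: right - left would wrap */
    if (r->right > s->width || r->bottom > s->height)
        return false;   /* extends past the local surface */
    return true;
}

/* Copies tightly packed 32-bit pixels from src into the rectangle.
 * Returns 0 on success, -1 if the rectangle or source length is rejected. */
int copy_rect(surface *s, const rect16 *r, const uint8_t *src, size_t src_len)
{
    if (!rect_fits_surface(r, s))
        return -1;

    /* Safe after validation: both differences are positive and <= 65535. */
    size_t row_bytes = (size_t)(r->right - r->left) * 4;
    size_t rows = (size_t)(r->bottom - r->top);

    /* Overflow-free form of "rows * row_bytes > src_len". */
    if (src_len / row_bytes < rows)
        return -1;

    for (size_t y = 0; y < rows; y++)
        memcpy(s->data + ((size_t)r->top + y) * s->stride + (size_t)r->left * 4,
               src + y * row_bytes, row_bytes);
    return 0;
}
```

The length passed to memcpy is derived only after the rectangle has been
validated, so an inverted or oversized rectangle is rejected before any
subtraction can wrap.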

The freerdp package has been updated to version 2.2.0, fixing this issue and
other bugs.
                

References

SRPMS

7/core