Advisories » MGASA-2021-0522

Updated freerdp packages fix security vulnerability

Publication date: 25 Nov 2021
Modification date: 25 Nov 2021
Type: security
Affected Mageia releases : 8
CVE: CVE-2021-41159 , CVE-2021-41160

Description

All FreeRDP clients prior to version 2.4.1 using gateway connections
('/gt:rpc') fail to validate input data. A malicious gateway might allow
client memory to be written out of bounds. This issue has been resolved in
version 2.4.1. If you are unable to update then use `/gt:http` rather than
/gt:rdp connections if possible or use a direct connection without a
gateway. (CVE-2021-41159)

In affected versions a malicious server might trigger out of bound writes
in a connected client. Connections using GDI or SurfaceCommands to send
graphics updates to the client might send `0` width/height or out of bound
rectangles to trigger out of bound writes. With `0` width or heigth the
memory allocation will be `0` but the missing bounds checks allow writing
to the pointer at this (not allocated) region. This issue has been patched
in FreeRDP 2.4.1. (CVE-2021-41160)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=29654
• https://access.redhat.com/errata/RHSA-2021:4622
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41159
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41160

SRPMS

8/core

• freerdp-2.2.0-1.1.mga8