An update for freerdp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1657
Final
1.0
1.0
2022-05-18
Initial
2022-05-18
2022-05-18
openEuler SA Tool V1.0
2022-05-18
freerdp security update
An update for freerdp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp and wlfreerdp.
Security Fix(es):
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left.(CVE-2022-24883)
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.(CVE-2022-24882)
An update for freerdp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS.
openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
Critical
freerdp
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1657
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-24883
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-24882
https://nvd.nist.gov/vuln/detail/CVE-2022-24883
https://nvd.nist.gov/vuln/detail/CVE-2022-24882
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
freerdp-2.7.0-1.oe1.aarch64.rpm
freerdp-debuginfo-2.7.0-1.oe1.aarch64.rpm
freerdp-debugsource-2.7.0-1.oe1.aarch64.rpm
freerdp-devel-2.7.0-1.oe1.aarch64.rpm
freerdp-help-2.7.0-1.oe1.aarch64.rpm
libwinpr-2.7.0-1.oe1.aarch64.rpm
libwinpr-devel-2.7.0-1.oe1.aarch64.rpm
freerdp-2.7.0-1.oe1.aarch64.rpm
freerdp-debuginfo-2.7.0-1.oe1.aarch64.rpm
freerdp-debugsource-2.7.0-1.oe1.aarch64.rpm
freerdp-devel-2.7.0-1.oe1.aarch64.rpm
freerdp-help-2.7.0-1.oe1.aarch64.rpm
libwinpr-2.7.0-1.oe1.aarch64.rpm
libwinpr-devel-2.7.0-1.oe1.aarch64.rpm
freerdp-2.7.0-1.oe2203.aarch64.rpm
freerdp-debuginfo-2.7.0-1.oe2203.aarch64.rpm
freerdp-debugsource-2.7.0-1.oe2203.aarch64.rpm
freerdp-devel-2.7.0-1.oe2203.aarch64.rpm
freerdp-help-2.7.0-1.oe2203.aarch64.rpm
libwinpr-2.7.0-1.oe2203.aarch64.rpm
libwinpr-devel-2.7.0-1.oe2203.aarch64.rpm
freerdp-2.7.0-1.oe1.src.rpm
freerdp-2.7.0-1.oe1.src.rpm
freerdp-2.7.0-1.oe2203.src.rpm
freerdp-2.7.0-1.oe1.x86_64.rpm
freerdp-debuginfo-2.7.0-1.oe1.x86_64.rpm
freerdp-debugsource-2.7.0-1.oe1.x86_64.rpm
freerdp-devel-2.7.0-1.oe1.x86_64.rpm
freerdp-help-2.7.0-1.oe1.x86_64.rpm
libwinpr-2.7.0-1.oe1.x86_64.rpm
libwinpr-devel-2.7.0-1.oe1.x86_64.rpm
freerdp-2.7.0-1.oe1.x86_64.rpm
freerdp-debuginfo-2.7.0-1.oe1.x86_64.rpm
freerdp-debugsource-2.7.0-1.oe1.x86_64.rpm
freerdp-devel-2.7.0-1.oe1.x86_64.rpm
freerdp-help-2.7.0-1.oe1.x86_64.rpm
libwinpr-2.7.0-1.oe1.x86_64.rpm
libwinpr-devel-2.7.0-1.oe1.x86_64.rpm
freerdp-2.7.0-1.oe2203.x86_64.rpm
freerdp-debuginfo-2.7.0-1.oe2203.x86_64.rpm
freerdp-debugsource-2.7.0-1.oe2203.x86_64.rpm
freerdp-devel-2.7.0-1.oe2203.x86_64.rpm
freerdp-help-2.7.0-1.oe2203.x86_64.rpm
libwinpr-2.7.0-1.oe2203.x86_64.rpm
libwinpr-devel-2.7.0-1.oe2203.x86_64.rpm
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left.
2022-05-18
CVE-2022-24883
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
Critical
9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
freerdp security update
2022-05-18
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1657
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.
2022-05-18
CVE-2022-24882
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
High
7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
freerdp security update
2022-05-18
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1657