
Bug#1024511: marked as done (freerdp2: CVE-2022-39316 CVE-2022-39317 CVE-2022-39318 CVE-2022-39319 CVE-2022-39320 CVE-2022-39347 CVE-2022-41877)



Your message dated Mon, 28 Nov 2022 09:34:13 +0000
with message-id <E1ozaWj-0028nJ-26@fasolo.debian.org>
and subject line Bug#1024511: fixed in freerdp2 2.9.0+dfsg1-1
has caused the Debian Bug report #1024511,
regarding freerdp2: CVE-2022-39316 CVE-2022-39317 CVE-2022-39318 CVE-2022-39319 CVE-2022-39320 CVE-2022-39347 CVE-2022-41877
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1024511: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024511
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: freerdp2
Version: 2.8.1+dfsg1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerabilities were published for freerdp2.

CVE-2022-39316[0]:
| FreeRDP is a free remote desktop protocol library and clients. In
| affected versions there is an out of bound read in ZGFX decoder
| component of FreeRDP. A malicious server can trick a FreeRDP based
| client to read out of bound data and try to decode it likely resulting
| in a crash. This issue has been addressed in the 2.9.0 release. Users
| are advised to upgrade.


CVE-2022-39317[1]:
| FreeRDP is a free remote desktop protocol library and clients.
| Affected versions of FreeRDP are missing a range check for input
| offset index in ZGFX decoder. A malicious server can trick a FreeRDP
| based client to read out of bound data and try to decode it. This
| issue has been addressed in version 2.9.0. There are no known
| workarounds for this issue.


CVE-2022-39318[2]:
| FreeRDP is a free remote desktop protocol library and clients.
| Affected versions of FreeRDP are missing input validation in `urbdrc`
| channel. A malicious server can trick a FreeRDP based client to crash
| with division by zero. This issue has been addressed in version 2.9.0.
| All users are advised to upgrade. Users unable to upgrade should not
| use the `/usb` redirection switch.


CVE-2022-39319[3]:
| FreeRDP is a free remote desktop protocol library and clients.
| Affected versions of FreeRDP are missing input length validation in
| the `urbdrc` channel. A malicious server can trick a FreeRDP based
| client to read out of bound data and send it back to the server. This
| issue has been addressed in version 2.9.0 and all users are advised to
| upgrade. Users unable to upgrade should not use the `/usb` redirection
| switch.


CVE-2022-39320[4]:
| FreeRDP is a free remote desktop protocol library and clients.
| Affected versions of FreeRDP may attempt integer addition on too
| narrow types, which leads to allocation of a buffer too small to hold
| the data written. A malicious server can trick a FreeRDP based client
| to read out of bound data and send it back to the server. This issue
| has been addressed in version 2.9.0 and all users are advised to
| upgrade. Users unable to upgrade should not use the `/usb` redirection
| switch.


CVE-2022-39347[5]:
| FreeRDP is a free remote desktop protocol library and clients.
| Affected versions of FreeRDP are missing path canonicalization and
| base path check for `drive` channel. A malicious server can trick a
| FreeRDP based client to read files outside the shared directory. This
| issue has been addressed in version 2.9.0 and all users are advised to
| upgrade. Users unable to upgrade should not use the `/drive`,
| `/drives` or `+home-drive` redirection switch.


CVE-2022-41877[6]:
| FreeRDP is a free remote desktop protocol library and clients.
| Affected versions of FreeRDP are missing input length validation in
| `drive` channel. A malicious server can trick a FreeRDP based client
| to read out of bound data and send it back to the server. This issue
| has been addressed in version 2.9.0 and all users are advised to
| upgrade. Users unable to upgrade should not use the drive redirection
| channel - command line options `/drive`, `+drives` or `+home-drive`.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-39316
    https://www.cve.org/CVERecord?id=CVE-2022-39316
[1] https://security-tracker.debian.org/tracker/CVE-2022-39317
    https://www.cve.org/CVERecord?id=CVE-2022-39317
[2] https://security-tracker.debian.org/tracker/CVE-2022-39318
    https://www.cve.org/CVERecord?id=CVE-2022-39318
[3] https://security-tracker.debian.org/tracker/CVE-2022-39319
    https://www.cve.org/CVERecord?id=CVE-2022-39319
[4] https://security-tracker.debian.org/tracker/CVE-2022-39320
    https://www.cve.org/CVERecord?id=CVE-2022-39320
[5] https://security-tracker.debian.org/tracker/CVE-2022-39347
    https://www.cve.org/CVERecord?id=CVE-2022-39347
[6] https://security-tracker.debian.org/tracker/CVE-2022-41877
    https://www.cve.org/CVERecord?id=CVE-2022-41877

Regards,
Salvatore

--- End Message ---
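CVE-2022-39347 above describes the classic shared-drive failure mode: a server-supplied path is joined to the share root without canonicalization, so `..` components walk the client out of the shared directory. The following is an added example, not FreeRDP's own code: a lexical canonicalizer that resolves a server-supplied drive-channel path (RDP sends Windows-style paths, so both `\` and `/` are treated as separators) against a base directory and refuses any request that would climb above it. The function name `drive_resolve_path` and the share path `/srv/share` are assumptions for illustration.

```c
/* Added example (not FreeRDP code): lexical canonicalization plus base-path
 * containment check for a drive-redirection path supplied by the remote side.
 * No filesystem access is performed, so it runs offline on constructed input. */
#include <stdio.h>
#include <string.h>

#define MAX_COMPONENTS 64

/* Resolve 'request' against 'base'. Separators may be '/' or '\\' (RDP paths
 * are Windows style). "." components are dropped and ".." pops the previous
 * component; a ".." with nothing left to pop means the request tries to leave
 * the share and is rejected. On success writes "base/normalised" into 'out'
 * and returns 1; returns 0 if the request escapes base or does not fit. */
int drive_resolve_path(const char *base, const char *request, char *out, size_t outlen)
{
    const char *parts[MAX_COMPONENTS];
    size_t lens[MAX_COMPONENTS];
    size_t depth = 0, blen, need, pos, i;
    const char *p = request;

    if (!base || !request || !out || outlen == 0)
        return 0;

    while (*p) {
        while (*p == '/' || *p == '\\')        /* skip runs of separators */
            p++;
        if (!*p)
            break;
        const char *start = p;
        while (*p && *p != '/' && *p != '\\')
            p++;
        size_t len = (size_t)(p - start);

        if (len == 1 && start[0] == '.')
            continue;                           /* "." is a no-op */
        if (len == 2 && start[0] == '.' && start[1] == '.') {
            if (depth == 0)
                return 0;                       /* would climb above the share root */
            depth--;
            continue;
        }
        if (depth == MAX_COMPONENTS)
            return 0;                           /* absurdly deep path: refuse */
        parts[depth] = start;
        lens[depth] = len;
        depth++;
    }

    blen = strlen(base);
    while (blen > 1 && base[blen - 1] == '/')   /* tolerate "base/" */
        blen--;
    need = blen;
    for (i = 0; i < depth; i++)
        need += 1 + lens[i];
    if (need + 1 > outlen)
        return 0;

    memcpy(out, base, blen);
    pos = blen;
    for (i = 0; i < depth; i++) {
        out[pos++] = '/';
        memcpy(out + pos, parts[i], lens[i]);
        pos += lens[i];
    }
    out[pos] = '\0';
    return 1;
}

/* Convenience wrapper used by main() and the checks below: returns 1 when the
 * request is allowed and resolves to 'expected', 0 when allowed but resolves
 * elsewhere, and -1 when the request is rejected. */
int drive_check(const char *base, const char *request, const char *expected)
{
    char buf[512];
    if (!drive_resolve_path(base, request, buf, sizeof buf))
        return -1;
    return strcmp(buf, expected) == 0 ? 1 : 0;
}

int main(void)
{
    /* Constructed requests a malicious server might send; "/srv/share" is an
     * assumed share root, not a path from the advisory. */
    const char *base = "/srv/share";
    const char *reqs[] = { "docs\\report.txt", "..\\..\\etc\\passwd",
                           "docs/../../secret", "./docs//./a/../b" };
    char buf[512];
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++) {
        if (drive_resolve_path(base, reqs[i], buf, sizeof buf))
            printf("ALLOW  %-22s -> %s\n", reqs[i], buf);
        else
            printf("REJECT %-22s (escapes share root)\n", reqs[i]);
    }
    return 0;
}
```

Two caveats a practitioner would want: the check is purely lexical, so a symlink placed inside the share by a local user can still point outside it (resolving with `realpath()` on the share root and on the final path, then comparing prefixes, closes that hole), and a leading separator or drive letter in the request is deliberately treated as relative to the share root, which is the expected drive-channel semantics rather than an absolute client path.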
--- Begin Message ---
Source: freerdp2
Source-Version: 2.9.0+dfsg1-1
Done: Mike Gabriel <sunweaver@debian.org>

We believe that the bug you reported is fixed in the latest version of
freerdp2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1024511@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel <sunweaver@debian.org> (supplier of updated freerdp2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 28 Nov 2022 09:51:57 +0100
Source: freerdp2
Architecture: source
Version: 2.9.0+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Remote Maintainers <debian-remote@lists.debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Closes: 1024511 1024758
Changes:
 freerdp2 (2.9.0+dfsg1-1) unstable; urgency=medium
 .
   * New upstream release. (Closes: #1024511).
     - CVE-2022-39316: Resolve out of bound read in ZGFX decoder component.
     - CVE-2022-39317: Resolve missing range check for input offset index
       in ZGFX decoder.
     - CVE-2022-39318: Resolve missing input validation in `urbdrc` channel.
     - CVE-2022-39319: Resolve missing input length validation in the `urbdrc`
       channel.
     - CVE-2022-39320: Resolve attempting integer addition on too narrow types
       leading to allocation of a buffer too small to hold the data written.
     - CVE-2022-39347: Resolve missing path canonicalization and base path check
       for `drive` channel.
     - CVE-2022-41877: Resolve missing input length validation in `drive` channel.
     - Test if packages' executables can be run without 'undefined symbol:
       winpr_PathMakePath' error. (Closes: #1024758).
   * debian/copyright:
     + Update auto-generated copyright.in file.
     + Update copyright attributions.
   * debian/*.symbols:
     + Update .symbols files.
Checksums-Sha1:
 4834f50dc481c1a3cdd2d181a8ce6ced4a1ffaba 3498 freerdp2_2.9.0+dfsg1-1.dsc
 3d5e362ad4be0107c08f459b345e732ac83e56da 2262664 freerdp2_2.9.0+dfsg1.orig.tar.xz
 72626512b0c5c9f122d684b2803d4f0af546a5d7 43236 freerdp2_2.9.0+dfsg1-1.debian.tar.xz
 3210a70ec806c78d0ebd2aa1b92116ae6763d815 14073 freerdp2_2.9.0+dfsg1-1_source.buildinfo
Checksums-Sha256:
 fba238c9e034cfa28110af5739bf8ab93ca85f80b836631036e4054f3856b43e 3498 freerdp2_2.9.0+dfsg1-1.dsc
 aaa44414f332bbaf15193fbab581ca066b6de1b953398c6c8a16d8445f6f9584 2262664 freerdp2_2.9.0+dfsg1.orig.tar.xz
 a5e300e5487b20110813f351a8f239bf9b12804019bf1872f8a8fc8c94571af8 43236 freerdp2_2.9.0+dfsg1-1.debian.tar.xz
 bfd835022800352f494622c0e56e7f9890a152b212e2d56b69fae91fb9a5796d 14073 freerdp2_2.9.0+dfsg1-1_source.buildinfo
Files:
 ca076bd968af75b585bca40a0c8affc9 3498 x11 optional freerdp2_2.9.0+dfsg1-1.dsc
 f6cca66e0dbaa6461963be8c93a1a34e 2262664 x11 optional freerdp2_2.9.0+dfsg1.orig.tar.xz
 e687bfa41ffcd650b52241aea4fb00f4 43236 x11 optional freerdp2_2.9.0+dfsg1-1.debian.tar.xz
 9288944d85c6d441e5e55a3f0e1b616f 14073 x11 optional freerdp2_2.9.0+dfsg1-1_source.buildinfo


--- End Message ---
