
Test ID: 1.3.6.1.4.1.25623.1.1.10.2021.0522
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2021-0522)
Summary: The remote host is missing an update for the 'freerdp' package(s) announced via the MGASA-2021-0522 advisory.
Description:
Summary:
The remote host is missing an update for the 'freerdp' package(s) announced via the MGASA-2021-0522 advisory.

Vulnerability Insight:
All FreeRDP clients prior to version 2.4.1 using gateway connections
('/gt:rpc') fail to validate input data. A malicious gateway might allow
client memory to be written out of bounds. This issue has been resolved in
version 2.4.1. If you are unable to update then use `/gt:http` rather than
/gt:rdp connections if possible or use a direct connection without a
gateway. (CVE-2021-41159)

In affected versions a malicious server might trigger out of bound writes
in a connected client. Connections using GDI or SurfaceCommands to send
graphics updates to the client might send `0` width/height or out of bound
rectangles to trigger out of bound writes. With `0` width or height the
memory allocation will be `0` but the missing bounds checks allow writing
to the pointer at this (not allocated) region. This issue has been patched
in FreeRDP 2.4.1. (CVE-2021-41160)

Affected Software/OS:
'freerdp' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2021-41159
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vh34-m9h7-95xq
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWJXQOWKNR7O5HM2HFJOM4GBUFPTE3RG/
https://security.gentoo.org/glsa/202210-24
Common Vulnerability Exposure (CVE) ID: CVE-2021-41160
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7c9r-6r2q-93qg
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXCR73EDVPLI6TRWRAWJCJ7OBYDKBB74/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WIZUPVRGCWUDAPDOQVUGUIYUO7UWKMXX/
https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.