Test ID:	1.3.6.1.4.1.25623.1.1.12.2022.5734.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-5734-1)
Summary:	The remote host is missing an update for the 'freerdp2' package(s) announced via the USN-5734-1 advisory.
Description:	Summary: The remote host is missing an update for the 'freerdp2' package(s) announced via the USN-5734-1 advisory. Vulnerability Insight: It was discovered that FreeRDP incorrectly handled certain data lenghts. A malicious server could use this issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-39282, CVE-2022-39283) It was discovered that FreeRDP incorrectly handled certain data lenghts. A malicious server could use this issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly obtain sensitive information. (CVE-2022-39316, CVE-2022-39317, CVE-2022-39318, CVE-2022-39319, CVE-2022-39320) It was discovered that FreeRDP incorrectly handled certain path checks. A malicious server could use this issue to cause FreeRDP clients to read files outside of the shared directory. (CVE-2022-39347) Affected Software/OS: 'freerdp2' package(s) on Ubuntu 18.04, Ubuntu 20.04, Ubuntu 22.04, Ubuntu 22.10. Solution: Please install the updated package(s). CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-39282 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLZCF7YHNC5BECDPEJNAZUYGNNM7NFME/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HEWWYMGWIMD4RDCOGHWMZXUMBGZHC5NW/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UDOTAOJBCZKREZJPT6VZ25GESI5T6RBG/ https://security.gentoo.org/glsa/202210-24 https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1 https://lists.debian.org/debian-lts-announce/2023/11/msg00010.html Common Vulnerability Exposure (CVE) ID: CVE-2022-39283 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6cf9-3328-qrvh Common Vulnerability Exposure (CVE) ID: CVE-2022-39316 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5w4j-mrrh-jjrm https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/ https://security.gentoo.org/glsa/202401-16 https://github.com/FreeRDP/FreeRDP/commit/e865c24efc40ebc52e75979c94cdd4ee2c1495b0 Common Vulnerability Exposure (CVE) ID: CVE-2022-39317 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-99cm-4gw7-c8jh Common Vulnerability Exposure (CVE) ID: CVE-2022-39318 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-387j-8j96-7q35 https://github.com/FreeRDP/FreeRDP/commit/80adde17ddc4b596ed1dae0922a0c54ab3d4b8ea Common Vulnerability Exposure (CVE) ID: CVE-2022-39319 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mvxm-wfj2-5fvh https://github.com/FreeRDP/FreeRDP/commit/11555828d2cf289b350baba5ad1f462f10b80b76 Common Vulnerability Exposure (CVE) ID: CVE-2022-39320 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qfq2-82qr-7f4j Common Vulnerability Exposure (CVE) ID: CVE-2022-39347 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c5xq-8v35-pffg https://github.com/FreeRDP/FreeRDP/commit/027424c2c6c0991cb9c22f9511478229c9b17e5d
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.