MGASA-2022-0474

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2022-0474.html

Import Source

https://advisories.mageia.org/MGASA-2022-0474.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2022-0474

Related

CVE-2022-41877

Published

2022-12-17T18:48:08Z

Modified

2022-12-17T17:49:53Z

Summary

Updated freerdp packages fix security vulnerability

Details

Affected versions of FreeRDP are missing input length validation in 'drive' channel. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. (CVE-2022-41877)

References

https://advisories.mageia.org/MGASA-2022-0474.html
https://bugs.mageia.org/show_bug.cgi?id=31290
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YGQN3OWQNHSMWKOF4D35PF5ASKNLC74B/

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2022-0474

Affected packages