OESA-2022-1657
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1657
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2022-1657.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2022-1657
- Upstream
- Published
- 2022-05-18T11:03:47Z
- Modified
- 2025-08-12T05:12:56.746592Z
- Summary
- freerdp security update
- Details
-
FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp and wlfreerdp.
Security Fix(es):
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a
SAMfile might be successful for invalid credentials if the server has configured an invalidSAMfile path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against aSAMfile are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication viaHashCallbackand/or ensure theSAMdatabase path configured is valid and the application has file handles left.(CVE-2022-24883)FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.(CVE-2022-24882)
- Database specific
{ "severity": "Critical" }- References
Affected packages
openEuler:20.03-LTS-SP1 / freerdp
Package
- Name
- freerdp
- Purl
- pkg:rpm/openEuler/freerdp&distro=openEuler-20.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.7.0-1.oe1
Ecosystem specific
{
"aarch64": [
"freerdp-2.7.0-1.oe1.aarch64.rpm",
"freerdp-debuginfo-2.7.0-1.oe1.aarch64.rpm",
"freerdp-debugsource-2.7.0-1.oe1.aarch64.rpm",
"freerdp-devel-2.7.0-1.oe1.aarch64.rpm",
"freerdp-help-2.7.0-1.oe1.aarch64.rpm",
"libwinpr-2.7.0-1.oe1.aarch64.rpm",
"libwinpr-devel-2.7.0-1.oe1.aarch64.rpm"
],
"src": [
"freerdp-2.7.0-1.oe1.src.rpm"
],
"x86_64": [
"freerdp-2.7.0-1.oe1.x86_64.rpm",
"freerdp-debuginfo-2.7.0-1.oe1.x86_64.rpm",
"freerdp-debugsource-2.7.0-1.oe1.x86_64.rpm",
"freerdp-devel-2.7.0-1.oe1.x86_64.rpm",
"freerdp-help-2.7.0-1.oe1.x86_64.rpm",
"libwinpr-2.7.0-1.oe1.x86_64.rpm",
"libwinpr-devel-2.7.0-1.oe1.x86_64.rpm"
]
}
openEuler:20.03-LTS-SP3 / freerdp
Package
- Name
- freerdp
- Purl
- pkg:rpm/openEuler/freerdp&distro=openEuler-20.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.7.0-1.oe1
Ecosystem specific
{
"aarch64": [
"freerdp-2.7.0-1.oe1.aarch64.rpm",
"freerdp-debuginfo-2.7.0-1.oe1.aarch64.rpm",
"freerdp-debugsource-2.7.0-1.oe1.aarch64.rpm",
"freerdp-devel-2.7.0-1.oe1.aarch64.rpm",
"freerdp-help-2.7.0-1.oe1.aarch64.rpm",
"libwinpr-2.7.0-1.oe1.aarch64.rpm",
"libwinpr-devel-2.7.0-1.oe1.aarch64.rpm"
],
"src": [
"freerdp-2.7.0-1.oe1.src.rpm"
],
"x86_64": [
"freerdp-2.7.0-1.oe1.x86_64.rpm",
"freerdp-debuginfo-2.7.0-1.oe1.x86_64.rpm",
"freerdp-debugsource-2.7.0-1.oe1.x86_64.rpm",
"freerdp-devel-2.7.0-1.oe1.x86_64.rpm",
"freerdp-help-2.7.0-1.oe1.x86_64.rpm",
"libwinpr-2.7.0-1.oe1.x86_64.rpm",
"libwinpr-devel-2.7.0-1.oe1.x86_64.rpm"
]
}
openEuler:22.03-LTS / freerdp
Package
- Name
- freerdp
- Purl
- pkg:rpm/openEuler/freerdp&distro=openEuler-22.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.7.0-1.oe2203
Ecosystem specific
{
"aarch64": [
"freerdp-2.7.0-1.oe2203.aarch64.rpm",
"freerdp-debuginfo-2.7.0-1.oe2203.aarch64.rpm",
"freerdp-debugsource-2.7.0-1.oe2203.aarch64.rpm",
"freerdp-devel-2.7.0-1.oe2203.aarch64.rpm",
"freerdp-help-2.7.0-1.oe2203.aarch64.rpm",
"libwinpr-2.7.0-1.oe2203.aarch64.rpm",
"libwinpr-devel-2.7.0-1.oe2203.aarch64.rpm"
],
"src": [
"freerdp-2.7.0-1.oe2203.src.rpm"
],
"x86_64": [
"freerdp-2.7.0-1.oe2203.x86_64.rpm",
"freerdp-debuginfo-2.7.0-1.oe2203.x86_64.rpm",
"freerdp-debugsource-2.7.0-1.oe2203.x86_64.rpm",
"freerdp-devel-2.7.0-1.oe2203.x86_64.rpm",
"freerdp-help-2.7.0-1.oe2203.x86_64.rpm",
"libwinpr-2.7.0-1.oe2203.x86_64.rpm",
"libwinpr-devel-2.7.0-1.oe2203.x86_64.rpm"
]
}