An update for freerdp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1657 Final 1.0 1.0 2022-05-18 Initial 2022-05-18 2022-05-18 openEuler SA Tool V1.0 2022-05-18 freerdp security update An update for freerdp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp and wlfreerdp. Security Fix(es): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left.(CVE-2022-24883) FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds.(CVE-2022-24882) An update for freerdp is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical freerdp https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1657 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-24883 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-24882 https://nvd.nist.gov/vuln/detail/CVE-2022-24883 https://nvd.nist.gov/vuln/detail/CVE-2022-24882 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS freerdp-2.7.0-1.oe1.aarch64.rpm freerdp-debuginfo-2.7.0-1.oe1.aarch64.rpm freerdp-debugsource-2.7.0-1.oe1.aarch64.rpm freerdp-devel-2.7.0-1.oe1.aarch64.rpm freerdp-help-2.7.0-1.oe1.aarch64.rpm libwinpr-2.7.0-1.oe1.aarch64.rpm libwinpr-devel-2.7.0-1.oe1.aarch64.rpm freerdp-2.7.0-1.oe1.aarch64.rpm freerdp-debuginfo-2.7.0-1.oe1.aarch64.rpm freerdp-debugsource-2.7.0-1.oe1.aarch64.rpm freerdp-devel-2.7.0-1.oe1.aarch64.rpm freerdp-help-2.7.0-1.oe1.aarch64.rpm libwinpr-2.7.0-1.oe1.aarch64.rpm libwinpr-devel-2.7.0-1.oe1.aarch64.rpm freerdp-2.7.0-1.oe2203.aarch64.rpm freerdp-debuginfo-2.7.0-1.oe2203.aarch64.rpm freerdp-debugsource-2.7.0-1.oe2203.aarch64.rpm freerdp-devel-2.7.0-1.oe2203.aarch64.rpm freerdp-help-2.7.0-1.oe2203.aarch64.rpm libwinpr-2.7.0-1.oe2203.aarch64.rpm libwinpr-devel-2.7.0-1.oe2203.aarch64.rpm freerdp-2.7.0-1.oe1.src.rpm freerdp-2.7.0-1.oe1.src.rpm freerdp-2.7.0-1.oe2203.src.rpm freerdp-2.7.0-1.oe1.x86_64.rpm freerdp-debuginfo-2.7.0-1.oe1.x86_64.rpm freerdp-debugsource-2.7.0-1.oe1.x86_64.rpm freerdp-devel-2.7.0-1.oe1.x86_64.rpm freerdp-help-2.7.0-1.oe1.x86_64.rpm libwinpr-2.7.0-1.oe1.x86_64.rpm libwinpr-devel-2.7.0-1.oe1.x86_64.rpm freerdp-2.7.0-1.oe1.x86_64.rpm freerdp-debuginfo-2.7.0-1.oe1.x86_64.rpm freerdp-debugsource-2.7.0-1.oe1.x86_64.rpm freerdp-devel-2.7.0-1.oe1.x86_64.rpm freerdp-help-2.7.0-1.oe1.x86_64.rpm libwinpr-2.7.0-1.oe1.x86_64.rpm libwinpr-devel-2.7.0-1.oe1.x86_64.rpm freerdp-2.7.0-1.oe2203.x86_64.rpm freerdp-debuginfo-2.7.0-1.oe2203.x86_64.rpm freerdp-debugsource-2.7.0-1.oe2203.x86_64.rpm freerdp-devel-2.7.0-1.oe2203.x86_64.rpm freerdp-help-2.7.0-1.oe2203.x86_64.rpm libwinpr-2.7.0-1.oe2203.x86_64.rpm libwinpr-devel-2.7.0-1.oe2203.x86_64.rpm FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left. 2022-05-18 CVE-2022-24883 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS Critical 9.8 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H freerdp security update 2022-05-18 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1657 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds. 2022-05-18 CVE-2022-24882 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N freerdp security update 2022-05-18 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1657