An update for freerdp is now available for openEuler-20.03-LTS-SP1

Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2023-1719 Final 1.0 1.0 2023-10-13 Initial 2023-10-13 2023-10-13
openEuler SA Tool V1.0 2023-10-13

freerdp security update

An update for freerdp is now available for openEuler-20.03-LTS-SP1.

FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp and wlfreerdp.

Security Fix(es):

In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in the rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and are blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`). This has been fixed in 2.2.0. As a workaround, stop using the command line arguments /gfx, /gfx-h264 and /network:auto. (CVE-2020-15103)

openEuler Security has rated this update as having a security impact of low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Low
freerdp

https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1719
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-15103
https://nvd.nist.gov/vuln/detail/CVE-2020-15103

openEuler-20.03-LTS-SP1
freerdp-debuginfo-2.11.1-1.oe1.aarch64.rpm
freerdp-help-2.11.1-1.oe1.aarch64.rpm
freerdp-devel-2.11.1-1.oe1.aarch64.rpm
libwinpr-2.11.1-1.oe1.aarch64.rpm
libwinpr-devel-2.11.1-1.oe1.aarch64.rpm
freerdp-2.11.1-1.oe1.aarch64.rpm
freerdp-debugsource-2.11.1-1.oe1.aarch64.rpm
freerdp-2.11.1-1.oe1.src.rpm
libwinpr-devel-2.11.1-1.oe1.x86_64.rpm
libwinpr-2.11.1-1.oe1.x86_64.rpm
freerdp-2.11.1-1.oe1.x86_64.rpm
freerdp-debugsource-2.11.1-1.oe1.x86_64.rpm
freerdp-help-2.11.1-1.oe1.x86_64.rpm
freerdp-debuginfo-2.11.1-1.oe1.x86_64.rpm
freerdp-devel-2.11.1-1.oe1.x86_64.rpm

2023-10-13 CVE-2020-15103 openEuler-20.03-LTS-SP1 Low 3.5 AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

freerdp security update 2023-10-13 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1719