An update for freerdp is now available for openEuler-20.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2023-1763 Final 1.0 1.0 2023-10-27 Initial 2023-10-27 2023-10-27 openEuler SA Tool V1.0 2023-10-27 freerdp security update An update for freerdp is now available for openEuler-20.03-LTS-SP1. FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp and wlfreerdp. Security Fix(es): In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2.(CVE-2020-4030) An update for freerdp is now available for openEuler-20.03-LTS-SP1. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium freerdp https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1763 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-4030 https://nvd.nist.gov/vuln/detail/CVE-2020-4030 openEuler-20.03-LTS-SP1 freerdp-help-2.11.1-1.oe1.aarch64.rpm freerdp-2.11.1-1.oe1.aarch64.rpm libwinpr-devel-2.11.1-1.oe1.aarch64.rpm freerdp-devel-2.11.1-1.oe1.aarch64.rpm libwinpr-2.11.1-1.oe1.aarch64.rpm freerdp-debugsource-2.11.1-1.oe1.aarch64.rpm freerdp-debuginfo-2.11.1-1.oe1.aarch64.rpm freerdp-2.11.1-1.oe1.src.rpm libwinpr-2.11.1-1.oe1.x86_64.rpm freerdp-help-2.11.1-1.oe1.x86_64.rpm freerdp-debuginfo-2.11.1-1.oe1.x86_64.rpm libwinpr-devel-2.11.1-1.oe1.x86_64.rpm freerdp-debugsource-2.11.1-1.oe1.x86_64.rpm freerdp-devel-2.11.1-1.oe1.x86_64.rpm freerdp-2.11.1-1.oe1.x86_64.rpm In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2. 2023-10-27 CVE-2020-4030 openEuler-20.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L freerdp security update 2023-10-27 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1763