ELA-1030-1 freerdp security update

multiple vulnerabilities

2024-01-17
Package: freerdp
Version: 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u6 (stretch)
Related CVEs: CVE-2020-11524 CVE-2022-39282 CVE-2022-39318 CVE-2022-39319 CVE-2022-39347 CVE-2022-41877 CVE-2023-39353 CVE-2023-39354 CVE-2023-39356 CVE-2023-40188


Multiple vulnerabilities have been found in freerdp2, a free implementation of the Remote Desktop Protocol (RDP). An attacker (e.g. through a malicious RDP server) could launch denial-of-service (DoS) attacks through multiple vectors, typically crashing the client; exploit buffer overflows that could lead to command execution; or access files outside of a shared directory.

This update also fixes two regressions related to the CVE-2020-11096 and CVE-2020-11089 fixes in ELA-717-1.



For Debian 9 stretch, these problems have been fixed in version 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u6.

We recommend that you upgrade your freerdp packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.