CVE-2022-24883 (https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server side authentication against a `SAM` file might be successful for invalid credentials if the server has configured an invalid `SAM` file path. FreeRDP based clients are not affected. RDP server implementations using FreeRDP to authenticate against a `SAM` file are affected. Version 2.7.0 contains a fix for this issue. As a workaround, use custom authentication via `HashCallback` and/or ensure the `SAM` database path configured is valid and the application has file handles left.

CVE-2022-24882 (https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-6x5p-gp49-3jhh): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds. Please bump to 2.7.0.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=197e552bb1ca8b1a9293fce62e94dcc65e7661ad

commit 197e552bb1ca8b1a9293fce62e94dcc65e7661ad
Author: Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2022-05-02 21:24:01 +0000
Commit: Mike Gilbert <floppym@gentoo.org>
CommitDate: 2022-05-02 21:24:01 +0000

net-misc/freerdp: add 2.7.0

Bug: https://bugs.gentoo.org/842231
Signed-off-by: Mike Gilbert <floppym@gentoo.org>

net-misc/freerdp/Manifest | 1 +
net-misc/freerdp/freerdp-2.7.0.ebuild | 124 ++++++++++++++++++++++++++++++++++
2 files changed, 125 insertions(+)

Thanks!
Please clean up
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=834b871d4c131ffc200e9d99ef98f2a2dadac706

commit 834b871d4c131ffc200e9d99ef98f2a2dadac706
Author: Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2022-05-10 16:25:11 +0000
Commit: Mike Gilbert <floppym@gentoo.org>
CommitDate: 2022-05-10 16:25:11 +0000

net-misc/freerdp: drop 2.6.1

Bug: https://bugs.gentoo.org/842231
Signed-off-by: Mike Gilbert <floppym@gentoo.org>

net-misc/freerdp/Manifest | 1 -
net-misc/freerdp/freerdp-2.6.1.ebuild | 124 ----------------------------------
2 files changed, 125 deletions(-)

GLSA request filed.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=70650b727185312fc1ae0b5c29dbfcd482232bdb

commit 70650b727185312fc1ae0b5c29dbfcd482232bdb
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-10-31 01:17:11 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-10-31 01:40:16 +0000

[ GLSA 202210-24 ] FreeRDP: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/819534
Bug: https://bugs.gentoo.org/842231
Bug: https://bugs.gentoo.org/876905
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: John Helmert III <ajak@gentoo.org>

glsa-202210-24.xml | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 49 insertions(+)

GLSA released, all done!