919455 – (CVE-2021-44425, CVE-2021-44426) net-misc/anydesk multiple vulnerabilities

Bug 919455 (CVE-2021-44425, CVE-2021-44426) - net-misc/anydesk multiple vulnerabilities

Summary: net-misc/anydesk multiple vulnerabilities

Status:	RESOLVED INVALID

Alias:	CVE-2021-44425, CVE-2021-44426

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:	https://www.cvedetails.com/cve/CVE-20...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2023-12-08 10:54 UTC by nvaert1986
Modified:	2023-12-12 06:08 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description nvaert1986 2023-12-08 10:54:48 UTC

Older versions of AnyDesk contain security flaws. It's recommended to update this to the latest version, due to newer security flaws in more recent versions of the software.

See https://www.cvedetails.com/cve/CVE-2021-44426/ and https://www.cvedetails.com/cve/CVE-2021-44425/ and https://www.cvedetails.com/cve/CVE-2023-26509/ for more details.

Reproducible: Always

Steps to Reproduce:
Steps to Reproduce:
1.Run emerge -pv andesk and notice that the latest version in portage is 6.3.0.
Actual Results:  
An outdated version of net-misc/anydesk

Expected Results:  
A secure up-to-date version of net-misc/anydesk

Let me know if there's any additional information is necessary.

Comment 1 Jaco Kroon 2023-12-12 06:08:37 UTC

The former two are vulnerabilities in the *Anydesk Windows client*, so not relevant to Linux, the third is against version 7.0.8 which isn't available on Linux at all.

Marking as RESOLVED / INVALID.

Kind regards,
Jaco