FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections (`/gt:rpc`) fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use `/gt:http` rather than `/gt:rdp` connections if possible or use a direct connection without a gateway.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or height the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.
If you can, please remember to file/tag security bugs if you can when bumping or if you notice CVEs in the release notes.
Please file a stablereq when ready.
There's a compiler warning I would like to resolve before stabilizing 2.4.1.
The bug has been referenced in the following commit(s):
Author: Mike Gilbert <email@example.com>
AuthorDate: 2021-10-31 21:40:41 +0000
Commit: Mike Gilbert <firstname.lastname@example.org>
CommitDate: 2021-10-31 21:40:41 +0000
net-misc/freerdp: drop 2.3.2
Signed-off-by: Mike Gilbert <email@example.com>
net-misc/freerdp/Manifest | 1 -
net-misc/freerdp/files/freerdp-2-openssl-3.0.patch | 61 ----------
...dp-2.4.0-TestUnicodeConversion-big-endian.patch | 28 -----
net-misc/freerdp/freerdp-2.3.2.ebuild | 123 ---------------------
4 files changed, 213 deletions(-)