CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score Confidence: Low
EPSS Percentile: 72.2%
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.
Security Fix(es):
progressive_decompress function due to incorrect calculations (CVE-2023-40569)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
almalinux | 9 | i686 | libwinpr | < 2.11.2-1.el9 | libwinpr-2.11.2-1.el9.i686.rpm |
almalinux | 9 | i686 | freerdp-libs | < 2.11.2-1.el9 | freerdp-libs-2.11.2-1.el9.i686.rpm |
almalinux | 9 | aarch64 | freerdp | < 2.11.2-1.el9 | freerdp-2.11.2-1.el9.aarch64.rpm |
almalinux | 9 | aarch64 | libwinpr | < 2.11.2-1.el9 | libwinpr-2.11.2-1.el9.aarch64.rpm |
almalinux | 9 | aarch64 | freerdp-libs | < 2.11.2-1.el9 | freerdp-libs-2.11.2-1.el9.aarch64.rpm |
almalinux | 9 | x86_64 | freerdp | < 2.11.2-1.el9 | freerdp-2.11.2-1.el9.x86_64.rpm |
almalinux | 9 | x86_64 | freerdp-libs | < 2.11.2-1.el9 | freerdp-libs-2.11.2-1.el9.x86_64.rpm |
almalinux | 9 | x86_64 | libwinpr | < 2.11.2-1.el9 | libwinpr-2.11.2-1.el9.x86_64.rpm |
almalinux | 9 | s390x | libwinpr | < 2.11.2-1.el9 | libwinpr-2.11.2-1.el9.s390x.rpm |
almalinux | 9 | s390x | freerdp | < 2.11.2-1.el9 | freerdp-2.11.2-1.el9.s390x.rpm |
References:
access.redhat.com/errata/RHSA-2024:2208
access.redhat.com/security/cve/CVE-2023-39350
access.redhat.com/security/cve/CVE-2023-39351
access.redhat.com/security/cve/CVE-2023-39352
access.redhat.com/security/cve/CVE-2023-39353
access.redhat.com/security/cve/CVE-2023-39354
access.redhat.com/security/cve/CVE-2023-39356
access.redhat.com/security/cve/CVE-2023-40181
access.redhat.com/security/cve/CVE-2023-40186
access.redhat.com/security/cve/CVE-2023-40188
access.redhat.com/security/cve/CVE-2023-40567
access.redhat.com/security/cve/CVE-2023-40569
access.redhat.com/security/cve/CVE-2023-40589
bugzilla.redhat.com/2236606
bugzilla.redhat.com/2236650
bugzilla.redhat.com/2236656
bugzilla.redhat.com/2236669
bugzilla.redhat.com/2236730
bugzilla.redhat.com/2236750
bugzilla.redhat.com/2236759
bugzilla.redhat.com/2236763
bugzilla.redhat.com/2236766
bugzilla.redhat.com/2236774
bugzilla.redhat.com/2236779
bugzilla.redhat.com/2236784
errata.almalinux.org/9/ALSA-2024-2208.html