Bugzilla – Bug 1204258
VUL-0: CVE-2022-39282: freerdp: using the `/parallel` command line switch might read uninitialized data
Last modified: 2024-06-26 10:32:31 UTC
CVE-2022-39282
FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround.
References:
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39282
- http://www.cvedetails.com/cve/CVE-2022-39282/
- https://github.com/FreeRDP/FreeRDP/releases/tag/2.8.1
- https://www.cve.org/CVERecord?id=CVE-2022-39282
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c45q-wcpg-mxjq
relevant for Factory and openSUSE:Backports:SLE-15-SP*
tracking as affected:
- SUSE:SLE-12-SP2:Update/freerdp
- SUSE:SLE-15-SP2:Update/freerdp
- SUSE:SLE-15-SP4:Update/freerdp
Cleaning up GNOME CVE backlog. The fix has been submitted and accepted. Assign back to security team.
SUSE-SU-2022:3982-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 1204257,1204258
CVE References: CVE-2022-39282,CVE-2022-39283
JIRA References:
Sources used:
- openSUSE Leap 15.3 (src): freerdp-2.1.2-150200.15.21.1
- SUSE Linux Enterprise Workstation Extension 15-SP3 (src): freerdp-2.1.2-150200.15.21.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src): freerdp-2.1.2-150200.15.21.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:3983-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 1204257,1204258
CVE References: CVE-2022-39282,CVE-2022-39283
JIRA References:
Sources used:
- openSUSE Leap 15.4 (src): freerdp-2.4.0-150400.3.9.1
- SUSE Linux Enterprise Workstation Extension 15-SP4 (src): freerdp-2.4.0-150400.3.9.1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (src): freerdp-2.4.0-150400.3.9.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:3984-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 1204257,1204258
CVE References: CVE-2022-39282,CVE-2022-39283
JIRA References:
Sources used:
- SUSE Linux Enterprise Workstation Extension 12-SP5 (src): freerdp-2.1.2-12.29.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (src): freerdp-2.1.2-12.29.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done