freerdp-2.8.1-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12515 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z freerdp-2.8.1-1.1 on GA media These are all security issues fixed in the freerdp-2.8.1-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12515 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12515 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-39282/ SUSE CVE CVE-2022-39282 page https://www.suse.com/security/cve/CVE-2022-39283/ SUSE CVE CVE-2022-39283 page openSUSE Tumbleweed freerdp-2.8.1-1.1 freerdp-devel-2.8.1-1.1 freerdp-proxy-2.8.1-1.1 freerdp-server-2.8.1-1.1 freerdp-wayland-2.8.1-1.1 libfreerdp2-2-2.8.1-1.1 libuwac0-0-2.8.1-1.1 libwinpr2-2-2.8.1-1.1 uwac0-0-devel-2.8.1-1.1 winpr-devel-2.8.1-1.1 freerdp-2.8.1-1.1 as a component of openSUSE Tumbleweed freerdp-devel-2.8.1-1.1 as a component of openSUSE Tumbleweed freerdp-proxy-2.8.1-1.1 as a component of openSUSE Tumbleweed freerdp-server-2.8.1-1.1 as a component of openSUSE Tumbleweed freerdp-wayland-2.8.1-1.1 as a component of openSUSE Tumbleweed libfreerdp2-2-2.8.1-1.1 as a component of openSUSE Tumbleweed libuwac0-0-2.8.1-1.1 as a component of openSUSE Tumbleweed libwinpr2-2-2.8.1-1.1 as a component of openSUSE Tumbleweed uwac0-0-devel-2.8.1-1.1 as a component of openSUSE Tumbleweed winpr-devel-2.8.1-1.1 as a component of openSUSE Tumbleweed FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read uninitialized data and send it to the server the client is currently connected to. FreeRDP based server implementations are not affected. Please upgrade to 2.8.1 where this issue is patched. If unable to upgrade, do not use parallel port redirection (`/parallel` command line switch) as a workaround. CVE-2022-39282 openSUSE Tumbleweed:freerdp-2.8.1-1.1 openSUSE Tumbleweed:freerdp-devel-2.8.1-1.1 openSUSE Tumbleweed:freerdp-proxy-2.8.1-1.1 openSUSE Tumbleweed:freerdp-server-2.8.1-1.1 openSUSE Tumbleweed:freerdp-wayland-2.8.1-1.1 openSUSE Tumbleweed:libfreerdp2-2-2.8.1-1.1 openSUSE Tumbleweed:libuwac0-0-2.8.1-1.1 openSUSE Tumbleweed:libwinpr2-2-2.8.1-1.1 openSUSE Tumbleweed:uwac0-0-devel-2.8.1-1.1 openSUSE Tumbleweed:winpr-devel-2.8.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-39282.html CVE-2022-39282 https://bugzilla.suse.com/1204258 SUSE Bug 1204258 FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read uninitialized data, decode it as audio/video and display the result. FreeRDP based server implementations are not affected. This issue has been patched in version 2.8.1. If you cannot upgrade do not use the `/video` switch. CVE-2022-39283 openSUSE Tumbleweed:freerdp-2.8.1-1.1 openSUSE Tumbleweed:freerdp-devel-2.8.1-1.1 openSUSE Tumbleweed:freerdp-proxy-2.8.1-1.1 openSUSE Tumbleweed:freerdp-server-2.8.1-1.1 openSUSE Tumbleweed:freerdp-wayland-2.8.1-1.1 openSUSE Tumbleweed:libfreerdp2-2-2.8.1-1.1 openSUSE Tumbleweed:libuwac0-0-2.8.1-1.1 openSUSE Tumbleweed:libwinpr2-2-2.8.1-1.1 openSUSE Tumbleweed:uwac0-0-devel-2.8.1-1.1 openSUSE Tumbleweed:winpr-devel-2.8.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-39283.html CVE-2022-39283 https://bugzilla.suse.com/1204257 SUSE Bug 1204257