{"schema_version":"1.7.2","id":"OESA-2021-1414","modified":"2021-11-04T11:03:19Z","published":"2021-11-04T11:03:19Z","upstream":["CVE-2021-41159"],"summary":"freerdp security update","details":"A Remote Desktop Protocol Implementation\r\n\r\nSecurity Fix(es):\r\n\r\nFreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use /gt:http rather than /gt:rdp connections if possible or use a direct connection without a gateway.(CVE-2021-41159)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"freerdp","purl":"pkg:rpm/openEuler/freerdp\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.1-1.oe1"}]}],"ecosystem_specific":{"aarch64":["freerdp-2.4.1-1.oe1.aarch64.rpm","freerdp-debuginfo-2.4.1-1.oe1.aarch64.rpm","freerdp-debugsource-2.4.1-1.oe1.aarch64.rpm","freerdp-devel-2.4.1-1.oe1.aarch64.rpm","freerdp-help-2.4.1-1.oe1.aarch64.rpm","libwinpr-2.4.1-1.oe1.aarch64.rpm","libwinpr-devel-2.4.1-1.oe1.aarch64.rpm"],"src":["freerdp-2.4.1-1.oe1.src.rpm"],"x86_64":["freerdp-2.4.1-1.oe1.x86_64.rpm","freerdp-debuginfo-2.4.1-1.oe1.x86_64.rpm","freerdp-debugsource-2.4.1-1.oe1.x86_64.rpm","freerdp-devel-2.4.1-1.oe1.x86_64.rpm","freerdp-help-2.4.1-1.oe1.x86_64.rpm","libwinpr-2.4.1-1.oe1.x86_64.rpm","libwinpr-devel-2.4.1-1.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP2","name":"freerdp","purl":"pkg:rpm/openEuler/freerdp\u0026distro=openEuler-20.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.1-1.oe1"}]}],"ecosystem_specific":{"aarch64":["freerdp-2.4.1-1.oe1.aarch64.rpm","freerdp-debuginfo-2.4.1-1.oe1.aarch64.rpm","freerdp-debugsource-2.4.1-1.oe1.aarch64.rpm","freerdp-devel-2.4.1-1.oe1.aarch64.rpm","freerdp-help-2.4.1-1.oe1.aarch64.rpm","libwinpr-2.4.1-1.oe1.aarch64.rpm","libwinpr-devel-2.4.1-1.oe1.aarch64.rpm"],"src":["freerdp-2.4.1-1.oe1.src.rpm"],"x86_64":["freerdp-2.4.1-1.oe1.x86_64.rpm","freerdp-debuginfo-2.4.1-1.oe1.x86_64.rpm","freerdp-debugsource-2.4.1-1.oe1.x86_64.rpm","freerdp-devel-2.4.1-1.oe1.x86_64.rpm","freerdp-help-2.4.1-1.oe1.x86_64.rpm","libwinpr-2.4.1-1.oe1.x86_64.rpm","libwinpr-devel-2.4.1-1.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1414"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41159"}],"database_specific":{"severity":"Critical"}}