Lucene search
Copyright (C) 2022 Greenbone AGOPENVAS:13614125623114202239831HistoryNov 16, 2022 - 12:00 a.m.
SUSE: Security Advisory (SUSE-SU-2022:3983-1)
2022-11-1600:00:00
Copyright (C) 2022 Greenbone AG
plugins.openvas.org
14
suse linux enterprise
freerdp
security advisory
cve-2022-39282
cve-2022-39283
update
package
vulnerability fix
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.7
Confidence
High
EPSS
0.002
Percentile
61.8%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.4.2022.3983.1");
script_cve_id("CVE-2022-39282", "CVE-2022-39283");
script_tag(name:"creation_date", value:"2022-11-16 04:24:29 +0000 (Wed, 16 Nov 2022)");
script_version("2024-02-02T14:37:51+0000");
script_tag(name:"last_modification", value:"2024-02-02 14:37:51 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:N/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-10-13 17:36:19 +0000 (Thu, 13 Oct 2022)");
script_name("SUSE: Security Advisory (SUSE-SU-2022:3983-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("SuSE Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES15\.0SP4)");
script_xref(name:"Advisory-ID", value:"SUSE-SU-2022:3983-1");
script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2022/suse-su-20223983-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'freerdp' package(s) announced via the SUSE-SU-2022:3983-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"This update for freerdp fixes the following issues:
CVE-2022-39282: Fix to init data read by `/parallel` command line
switch. (bsc#1204258)
CVE-2022-39283: Fix to prevent video channel from reading uninitialized
data. (bsc#1204257)");
script_tag(name:"affected", value:"'freerdp' package(s) on SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4, SUSE Linux Enterprise Workstation Extension 15-SP4.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "SLES15.0SP4") {
if(!isnull(res = isrpmvuln(pkg:"freerdp", rpm:"freerdp~2.4.0~150400.3.9.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"freerdp-debuginfo", rpm:"freerdp-debuginfo~2.4.0~150400.3.9.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"freerdp-debugsource", rpm:"freerdp-debugsource~2.4.0~150400.3.9.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"freerdp-devel", rpm:"freerdp-devel~2.4.0~150400.3.9.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"freerdp-proxy", rpm:"freerdp-proxy~2.4.0~150400.3.9.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"freerdp-proxy-debuginfo", rpm:"freerdp-proxy-debuginfo~2.4.0~150400.3.9.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreerdp2", rpm:"libfreerdp2~2.4.0~150400.3.9.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfreerdp2-debuginfo", rpm:"libfreerdp2-debuginfo~2.4.0~150400.3.9.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwinpr2", rpm:"libwinpr2~2.4.0~150400.3.9.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libwinpr2-debuginfo", rpm:"libwinpr2-debuginfo~2.4.0~150400.3.9.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"winpr2-devel", rpm:"winpr2-devel~2.4.0~150400.3.9.1", rls:"SLES15.0SP4"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
mageia
mageia
Updated freerdp packages fix security vulnerability
2022-11-25 01:21:24
altlinux
altlinux
Security fix for the ALT Linux 9 package freerdp version 2.8.1-alt1
2022-10-14 00:00:00
redos
redos
ROS-20221017-01
2022-10-17 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 Security Update : freerdp (SUSE-SU-2022:3983-1)
2022-11-16 00:00:00
Fedora 35 : 2:freerdp (2022-e733724edb)
2022-12-22 00:00:00
SUSE SLED12 / SLES12 Security Update : freerdp (SUSE-SU-2022:3984-1)
2022-11-17 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0437)
2022-11-25 00:00:00
Fedora: Security Advisory for freerdp (FEDORA-2022-e733724edb)
2022-12-02 00:00:00
FreeRDP < 2.8.1 Multiple Vulnerabilities
2022-11-29 00:00:00
osv
osv
freerdp-2.8.1-1.1 on GA media
2024-06-15 00:00:00
CVE-2022-39282
2022-10-12 23:15:09
CVE-2022-39283
2022-10-12 23:15:09
fedora
fedora
[SECURITY] Fedora 35 Update: freerdp-2.8.1-1.fc35
2022-12-01 01:38:51
[SECURITY] Fedora 37 Update: freerdp-2.8.1-1.fc37
2022-12-01 01:30:37
[SECURITY] Fedora 36 Update: freerdp-2.9.0-1.fc36
2022-12-16 01:43:13
alpinelinux
alpinelinux
CVE-2022-39282
2022-10-12 23:15:00
CVE-2022-39283
2022-10-12 23:15:00
debiancve
debiancve
CVE-2022-39282
2022-10-12 23:15:09
CVE-2022-39283
2022-10-12 23:15:09
freebsd
freebsd
cve
cve
CVE-2022-39282
2022-10-12 23:15:09
CVE-2022-39283
2022-10-12 23:15:09
ubuntucve
ubuntucve
CVE-2022-39283
2022-10-12 00:00:00
CVE-2022-39282
2022-10-12 00:00:00
veracode
veracode
Sensitive Information Disclosure
2022-10-19 07:55:25
Information Disclosure
2022-11-25 09:07:28
nvd
nvd
CVE-2022-39283
2022-10-12 23:15:09
CVE-2022-39282
2022-10-12 23:15:09
prion
prion
Double free
2022-10-12 23:15:00
Double free
2022-10-12 23:15:00
cvelist
cvelist
CVE-2022-39283 FreeRDP may read and display out of bounds data
2022-10-12 00:00:00
redhatcve
redhatcve
CVE-2022-39283
2022-10-14 06:29:09
CVE-2022-39282
2022-10-14 06:29:01
gentoo
gentoo
FreeRDP: Multiple Vulnerabilities
2022-10-31 00:00:00
ubuntu
ubuntu
FreeRDP vulnerabilities
2022-11-22 00:00:00
amazon
amazon
Important: freerdp
2023-01-31 19:55:00
redhat
redhat
(RHSA-2023:2326) Moderate: freerdp security update
2023-05-09 05:07:27
(RHSA-2023:2851) Moderate: freerdp security update
2023-05-16 05:56:17
oraclelinux
oraclelinux
freerdp security update
2023-05-15 00:00:00
freerdp security update
2023-05-24 00:00:00
almalinux
almalinux
Moderate: freerdp security update
2023-05-09 00:00:00
Moderate: freerdp security update
2023-05-16 00:00:00
debian
debian
[SECURITY] [DLA 3654-1] freerdp2 security update
2023-11-17 17:35:06
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
7.7
Confidence
High
EPSS
0.002
Percentile
61.8%
Related for OPENVAS:13614125623114202239831