An update for freerdp is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2021-1414 Final 1.0 1.0 2021-11-04 Initial 2021-11-04 2021-11-04 openEuler SA Tool V1.0 2021-11-04 freerdp security update An update for freerdp is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2. A Remote Desktop Protocol Implementation Security Fix(es): FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use /gt:http rather than /gt:rdp connections if possible or use a direct connection without a gateway.(CVE-2021-41159) An update for freerdp is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2. openEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Critical freerdp https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1414 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2021-41159 https://nvd.nist.gov/vuln/detail/CVE-2021-41159 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 freerdp-2.4.1-1.oe1.noarch.rpm freerdp-debuginfo-2.4.1-1.oe1.noarch.rpm freerdp-debugsource-2.4.1-1.oe1.noarch.rpm freerdp-devel-2.4.1-1.oe1.noarch.rpm freerdp-help-2.4.1-1.oe1.noarch.rpm libwinpr-2.4.1-1.oe1.noarch.rpm libwinpr-devel-2.4.1-1.oe1.noarch.rpm freerdp-2.4.1-1.oe1.noarch.rpm freerdp-debuginfo-2.4.1-1.oe1.noarch.rpm freerdp-debugsource-2.4.1-1.oe1.noarch.rpm freerdp-devel-2.4.1-1.oe1.noarch.rpm freerdp-help-2.4.1-1.oe1.noarch.rpm libwinpr-2.4.1-1.oe1.noarch.rpm libwinpr-devel-2.4.1-1.oe1.noarch.rpm freerdp-2.4.1-1.oe1.src.rpm freerdp-2.4.1-1.oe1.src.rpm FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. All FreeRDP clients prior to version 2.4.1 using gateway connections fail to validate input data. A malicious gateway might allow client memory to be written out of bounds. This issue has been resolved in version 2.4.1. If you are unable to update then use /gt:http rather than /gt:rdp connections if possible or use a direct connection without a gateway. 2021-11-04 CVE-2021-41159 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Critical 9.1 AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H freerdp security update 2021-11-04 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1414