FreeRDP 3.29.0 Security Update Fixes 22 Critical Vulnerabilities

www.news4hackers.com-freerdp-3-29-0-security-update-fixes-22-critical-vulnerabilities-freerdp-3-29-0-security-update-fixes-22-critical-vulnerabilities

FreeRDP 3.29.0 security update addresses 22 vulnerabilities

Security Enhancements Detailed

Security enhancements detailed The updates focus on strengthening code integrity through systematic modifications. Multiple patches introduce boundary and length validation mechanisms for media and channel components. These include restrictions on AV1 decoding output dimensions, alignment of region rectangle checks with existing AVC protocols, and corrections to H.264 decoder discrepancies involving surface size mismatches. The camera channel now incorporates data validation checks and resolves issues with config descriptor parsing. Cryptographic and connection pathways also received attention. A specific patch ensures the core rejects insufficient server random values during key negotiation processes. Another improvement addresses handling of embedded null bytes in X.509 certificate processing. The Windows client now includes endpoint FedAuth token authentication and a server response size verification mechanism. Additional measures target resource constraints and general runtime resilience.

Cross-Platform Compatibility Improvements

Cross-platform compatibility improvements This release includes adjustments for mobile environments. iOS build stability was enhanced, Android build issues were resolved, and clipboard MIME format handling was refined in the SDL client.

Frequent Release Schedule

Frequent release schedule FreeRDP maintains a rapid development cycle. Version 3.29.0 followed 3.28.0 by a week, with prior updates spaced weekly during the spring. Version 3.28.0 introduced iOS client revival and a server-side smartcard API. The 3.29.0 update prioritizes security, reflecting a thorough review by independent researchers as noted by maintainer Armin Novak. The library forms the foundational RDP engine for various downstream applications. Vulnerabilities in widely adopted components can impact a broader ecosystem beyond direct users, underscoring the significance of coordinated mitigation efforts. Users of FreeRDP or derivative software are advised to obtain the 3.29.0 archive from the project’s official release server.


Blog Image

About Author

en_USEnglish