FreeRDP 3.30 Is Out with Critical Security Fixes

FreeRDP 3.30, the open-source implementation of the Remote Desktop Protocol, fixes a severe server-side security issue; upgrades are strongly recommended.

Only three days after version 3.29, the FreeRDP project has released version 3.30 of the open-source Remote Desktop Protocol implementation, addressing critical security and bug fixes.

Most importantly, the developers say the update addresses a severe server-side security issue and strongly recommend that users upgrade. The release is accompanied by three new GitHub security advisories credited to Claude and Ada Logics.

In addition to dealing with new security issues, the update implements stricter bounds checks in several FreeRDP components, including the SDL clipboard, the Audin audio input channel, and the rdpsnd sound channel.

This release also resolves a WebSocket regression from the previous version and improves protocol version handling in the core and RDSTLS components.

Another correction affects the dynamic virtual channel implementation, drdynvc. FreeRDP now properly releases a channel reference when sending a channel creation request fails, preventing the affected object from being left incorrectly referenced.

On top of that, FreeRDP 3.30 also updates logon information handling and cleans up packet capture functionality.

To summarize, the changes included in this release are:

  • Updated logon information handling
  • Fixed a WebSocket regression
  • Added SDL clipboard bounds checks
  • Improved core and RDSTLS version handling
  • Fixed channel reference handling in drdynvc
  • Added further Audin validation checks
  • Tightened rdpsnd bounds checks
  • Cleaned up packet capture-related code

Due to the severity of the issue and the developers’ recommendation, users and administrators (especially those running server-side components) should upgrade to version 3.30 as soon as updated packages are available through their Linux distribution repositories.

Source archives are available from FreeRDP’s official download servers. For more details, see the project’s release announcement.

Bobby Borisov

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.

Leave a Reply

Your email address will not be published. Required fields are marked *