ISN 2022-12: Teradici PCoIP Library Vulnerabilities

Updated 2nd June 2022 (IGEL OS 11.07.140 available)

First published 9th May 2022

CVSS 3.1 Base Score: High

CVSS:3.1 n/a

Summary

Multiple vulnerabilities have been found in libraries bundled with the Teradici PCoIP client for Linux. This affects the following IGEL products:

• IGEL OS 11
• IGEL OS 10

Details

The Libexpat version bundled with the Teradici PCoIP client for Linux is affected by three critical issues (CVE-2022-22822, CVE-2022-22823, and CVE-2022-22824) and five issues rated high. Overall, the vendor HP rates the severity in the product context as high.

The OpenSSL version bundled with the Teradici PCoIP client for Linux has one issue rated high (CVE-2022-0778) and one rated medium (CVE-2021-4160). Overall, the vendor HP rates the severity in the product context as high.

The full list of CVEs can be found in the HP advisories given in the References section.

Update Instructions

• IGEL OS 11: Update to IGEL OS version 11.07.140 or newer.
• IGEL OS 10: Upgrade to IGEL OS version 11.07.140 or newer.

References

• HP, „Expat Library update for Teradici PCoIP Software and Firmware“: https://support.hp.com/us-en/document/ish_6052753-6052783-16/hpsbhf03750
• HP, “OpenSSL update for Teradici PCoIP”: https://support.hp.com/us-en/document/ish_6052720-6052798-16/hpsbhf03784