Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2021-4619

Опубликовано: 11 нояб. 2021
Источник: oracle-oval
Платформа: Oracle Linux 7

Описание

ELSA-2021-4619: freerdp security update (IMPORTANT)

[2:2.2.0-5]

  • Update: Refactored RPC gateway parser (rhbz#2017944)
    • fix issues discovered by Covscan

[2:2.2.0-4]

  • Refactored RPC gateway parser (rhbz#2017944)

[2.1.1-3]

  • Add checks for bitmap and glyph width/heigth values (rhbz#2017951)

Обновленные пакеты

Oracle Linux 7

Oracle Linux aarch64

freerdp

2.1.1-5.el7_9

freerdp-devel

2.1.1-5.el7_9

freerdp-libs

2.1.1-5.el7_9

libwinpr

2.1.1-5.el7_9

libwinpr-devel

2.1.1-5.el7_9

Oracle Linux x86_64

freerdp

2.1.1-5.el7_9

freerdp-devel

2.1.1-5.el7_9

freerdp-libs

2.1.1-5.el7_9

libwinpr

2.1.1-5.el7_9

libwinpr-devel

2.1.1-5.el7_9

Связанные CVE

Связанные уязвимости

suse-cvrf
почти 3 года назад

Security update for freerdp

rocky
больше 3 лет назад

Important: freerdp security update

oracle-oval
больше 3 лет назад

ELSA-2021-4622: freerdp security update (IMPORTANT)

CVSS3: 5.3
ubuntu
почти 4 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.

CVSS3: 8.8
redhat
почти 4 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.