Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2021-4622

Опубликовано: 18 нояб. 2021
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2021-4622: freerdp security update (IMPORTANT)

[2:2.2.0-7]

  • Updated: Refactored RPC gateway parser (rhbz#2017948)
    • fixed issues discovered by Covscan

[2:2.2.0-6]

  • Refactored RPC gateway parser (rhbz#2017948)

[2:2.2.0-5]

  • Revert: Refactored RPC gateway parser (rhbz#2017948)

[2:2.2.0-4]

  • Refactored RPC gateway parser (rhbz#2017948)

[2:2.2.0-3]

  • Add checks for bitmap and glyph width/heigth values (rhbz#2017955)

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

freerdp

2.2.0-7.el8_5

freerdp-devel

2.2.0-7.el8_5

freerdp-libs

2.2.0-7.el8_5

libwinpr

2.2.0-7.el8_5

libwinpr-devel

2.2.0-7.el8_5

Oracle Linux x86_64

freerdp

2.2.0-7.el8_5

freerdp-devel

2.2.0-7.el8_5

freerdp-libs

2.2.0-7.el8_5

libwinpr

2.2.0-7.el8_5

libwinpr-devel

2.2.0-7.el8_5

Связанные CVE

Связанные уязвимости

suse-cvrf
почти 3 года назад

Security update for freerdp

rocky
больше 3 лет назад

Important: freerdp security update

oracle-oval
больше 3 лет назад

ELSA-2021-4619: freerdp security update (IMPORTANT)

CVSS3: 5.3
ubuntu
почти 4 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.

CVSS3: 8.8
redhat
почти 4 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a malicious server might trigger out of bound writes in a connected client. Connections using GDI or SurfaceCommands to send graphics updates to the client might send `0` width/height or out of bound rectangles to trigger out of bound writes. With `0` width or heigth the memory allocation will be `0` but the missing bounds checks allow writing to the pointer at this (not allocated) region. This issue has been patched in FreeRDP 2.4.1.