Description
ELSA-2024-9092: freerdp security update (MODERATE)
[2:2.11.7-1]
- Update to 2.11.7 (CVE-2024-32039, CVE-2024-32040, CVE-2024-32041, CVE-2024-32458, CVE-2024-32459, CVE-2024-32460, CVE-2024-32658, CVE-2024-32659, CVE-2024-32660, CVE-2024-32661, CVE-2024-32662)
[2:2.11.2-2]
- CVE-2024-22211: Check codec resolution for overflow (RHEL-22244)
Updated packages
Oracle Linux 9
Oracle Linux aarch64
freerdp 2.11.7-1.el9
freerdp-devel 2.11.7-1.el9
freerdp-libs 2.11.7-1.el9
libwinpr 2.11.7-1.el9
libwinpr-devel 2.11.7-1.el9
Oracle Linux x86_64
freerdp 2.11.7-1.el9
freerdp-devel 2.11.7-1.el9
freerdp-libs 2.11.7-1.el9
libwinpr 2.11.7-1.el9
libwinpr-devel 2.11.7-1.el9
Source references
Related vulnerabilities
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP-based clients using the `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to an out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. the `/rfx` or `/gfx` options). The workaround requires server-side support.