Description
Security update for freerdp
This update for freerdp fixes the following issues:
- CVE-2024-32039: Fixed an out-of-bounds write with variables of type uint32 (bsc#1223293)
- CVE-2024-32040: Fixed an integer underflow when using the 'NSC' codec (bsc#1223294)
- CVE-2024-32041: Fixed an out-of-bounds read in Stream_GetRemainingLength() (bsc#1223295)
- CVE-2024-32458: Fixed an out-of-bounds read on pSrcData[] (bsc#1223296)
- CVE-2024-32459: Fixed an out-of-bounds read in case SrcSize less than 4 (bsc#1223297)
- CVE-2024-32460: Fixed an out-of-bounds read when using '/bpp:32' legacy 'GDI' drawing path (bsc#1223298)
Package list
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE Linux Enterprise Workstation Extension 12 SP5
References
- Link for SUSE-SU-2024:1609-1
- E-Mail link for SUSE-SU-2024:1609-1
- SUSE Security Ratings
- SUSE Bug 1223293
- SUSE Bug 1223294
- SUSE Bug 1223295
- SUSE Bug 1223296
- SUSE Bug 1223297
- SUSE Bug 1223298
- SUSE CVE CVE-2024-32039 page
- SUSE CVE CVE-2024-32040 page
- SUSE CVE CVE-2024-32041 page
- SUSE CVE CVE-2024-32458 page
- SUSE CVE CVE-2024-32459 page
- SUSE CVE CVE-2024-32460 page
Description
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default).
Affected products
References
- CVE-2024-32039
- SUSE Bug 1223293
Description
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`).
Affected products
References
- CVE-2024-32040
- SUSE Bug 1223294
Description
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/bpp` or `/rfx` options instead).
Affected products
References
- CVE-2024-32041
- SUSE Bug 1223295
Description
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by default, require server side support).
Affected products
References
- CVE-2024-32458
- SUSE Bug 1223296
Description
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available.
Affected products
References
- CVE-2024-32459
- SUSE Bug 1223297
Description
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The workaround requires server side support.
Affected products
References
- CVE-2024-32460
- SUSE Bug 1223298