Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2024:1835-1

Опубликовано: 29 мая 2024
Источник: suse-cvrf

Описание

Security update for freerdp

This update for freerdp fixes the following issues:

  • CVE-2024-32658: Fixed out-of-bounds read in Interleaved RLE Bitmap Codec (bsc#1223353).
  • CVE-2024-32659: Fixed out-of-bounds read if ((nWidth == 0) and (nHeight == 0)) (bsc#1223346)
  • CVE-2024-32660: Fixed client crash via invalid huge allocation size (bsc#1223347)
  • CVE-2024-32661: Fixed client NULL pointer dereference (bsc#1223348)

Список пакетов

SUSE Linux Enterprise Software Development Kit 12 SP5
freerdp-devel-2.1.2-12.47.1
libfreerdp2-2.1.2-12.47.1
libwinpr2-2.1.2-12.47.1
winpr2-devel-2.1.2-12.47.1
SUSE Linux Enterprise Workstation Extension 12 SP5
freerdp-2.1.2-12.47.1
freerdp-proxy-2.1.2-12.47.1
freerdp-server-2.1.2-12.47.1
libfreerdp2-2.1.2-12.47.1
libwinpr2-2.1.2-12.47.1

Ссылки

Описание

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP5:freerdp-devel-2.1.2-12.47.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libfreerdp2-2.1.2-12.47.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libwinpr2-2.1.2-12.47.1
SUSE Linux Enterprise Software Development Kit 12 SP5:winpr2-devel-2.1.2-12.47.1
Ссылки

Описание

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP5:freerdp-devel-2.1.2-12.47.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libfreerdp2-2.1.2-12.47.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libwinpr2-2.1.2-12.47.1
SUSE Linux Enterprise Software Development Kit 12 SP5:winpr2-devel-2.1.2-12.47.1
Ссылки

Описание

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP5:freerdp-devel-2.1.2-12.47.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libfreerdp2-2.1.2-12.47.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libwinpr2-2.1.2-12.47.1
SUSE Linux Enterprise Software Development Kit 12 SP5:winpr2-devel-2.1.2-12.47.1
Ссылки

Описание

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP5:freerdp-devel-2.1.2-12.47.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libfreerdp2-2.1.2-12.47.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libwinpr2-2.1.2-12.47.1
SUSE Linux Enterprise Software Development Kit 12 SP5:winpr2-devel-2.1.2-12.47.1
Ссылки