Описание
Security update for freerdp
This update for freerdp fixes the following issues:
- CVE-2024-22211: Fixed integer overflow in
freerdp_bitmap_planar_context_resetthat could lead to heap-buffer overflow (bsc#1219049) - CVE-2024-32658: Fixed out-of-bounds read in Interleaved RLE Bitmap Codec in FreeRDP based clients (bsc#1223353)
- CVE-2024-32659: Fixed out-of-bounds read if
((nWidth == 0) and (nHeight == 0))(bsc#1223346) - CVE-2024-32660: Fixed client crash via invalid huge allocation size (bsc#1223347)
- CVE-2024-32661: Fixed client NULL pointer dereference (bsc#1223348)
Список пакетов
SUSE Linux Enterprise Module for Package Hub 15 SP6
SUSE Linux Enterprise Workstation Extension 15 SP6
openSUSE Leap 15.6
Ссылки
- Link for SUSE-SU-2024:2631-1
- E-Mail link for SUSE-SU-2024:2631-1
- SUSE Security Ratings
- SUSE Bug 1219049
- SUSE Bug 1223346
- SUSE Bug 1223347
- SUSE Bug 1223348
- SUSE Bug 1223353
- SUSE CVE CVE-2024-22211 page
- SUSE CVE CVE-2024-32658 page
- SUSE CVE CVE-2024-32659 page
- SUSE CVE CVE-2024-32660 page
- SUSE CVE CVE-2024-32661 page
Описание
FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are no know workarounds for this vulnerability.
Затронутые продукты
Ссылки
- CVE-2024-22211
- SUSE Bug 1219049
Описание
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
Затронутые продукты
Ссылки
- CVE-2024-32658
- SUSE Bug 1223353
Описание
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
Затронутые продукты
Ссылки
- CVE-2024-32659
- SUSE Bug 1223346
Описание
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
Затронутые продукты
Ссылки
- CVE-2024-32660
- SUSE Bug 1223347
Описание
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
Затронутые продукты
Ссылки
- CVE-2024-32661
- SUSE Bug 1223348