Package "libfreerdp-server2-2"
Name: libfreerdp-server2-2
Description: Free Remote Desktop Protocol library (server library)
Latest version: 2.10.0+dfsg1-1ubuntu0.3
Release: lunar (23.04)
Level: updates
Repository: main
Head package: freerdp2
Homepage: https://www.freerdp.com/
Changelog
freerdp2 (2.10.0+dfsg1-1ubuntu0.3) lunar-security; urgency=medium
* SECURITY UPDATE: OOB write via invalid offset validation
- debian/patches/CVE-2023-39352.patch: add bound check in gdi_SolidFill
in libfreerdp/gdi/gfx.c.
- CVE-2023-39352
* SECURITY UPDATE: OOB read via missing offset validation
- debian/patches/CVE-2023-39356-1.patch: fix checks for multi opaque
rect in libfreerdp/core/orders.c.
- debian/patches/CVE-2023-39356-2.patch: fix reading order number field
in libfreerdp/core/orders.c.
- CVE-2023-39356
-- Marc Deslauriers <email address hidden> Mon, 27 Nov 2023 12:28:28 -0500
freerdp2 (2.10.0+dfsg1-1ubuntu0.2) lunar-security; urgency=medium
* SECURITY UPDATE: integer underflow
- debian/patches/CVE-2023-39350.patch: validates package length to prevent
possible out of bound read
- CVE-2023-39350
* SECURITY UPDATE: null pointer dereference
- debian/patches/CVE-2023-39351.patch: frees content of currentMessage on
fail to prevent null pointer access when processing next package
- CVE-2023-39351
* SECURITY UPDATE: missing offset validation
- debian/patches/CVE-2023-39353-01.patch: validates offset to prevent
possible out of bound read
- debian/patches/CVE-2023-39353-02.patch: fixes issues with the previous
patch
- CVE-2023-39353
* SECURITY UPDATE: missing input validation
- debian/patches/CVE-2023-39354.patch: validates input length to prevent
possible out of bound read
- CVE-2023-39354
* SECURITY UPDATE: integer underflow
- debian/patches/CVE-2023-40181.patch: fixes cBitsRemaining calculation to
prevent possible out of bound read
- CVE-2023-40181
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2023-40186.patch: fixes integer multiplication to
prevent possible out of bound write
- CVE-2023-40186
* SECURITY UPDATE: missing input validation
- debian/patches/ensure_integer_width.patch: ensures integer width
- debian/patches/CVE-2023-40188.patch: validates input length to prevent
possible out of bound read
- CVE-2023-40188
* SECURITY UPDATE: missing offset validation
- debian/patches/CVE-2023-40567.patch: validates offset to prevent
possible out of bound write
- CVE-2023-40567
* SECURITY UPDATE: incorrect parameter calculation
- debian/patches/CVE-2023-40569.patch: fixes nXSrc and nYSrc calculation
to prevent possible out of bound write
- CVE-2023-40569
* SECURITY UPDATE: global buffer overflow
- debian/patches/CVE-2023-40589.patch: fixes index checks
- CVE-2023-40589
-- Jorge Sancho Larraz <email address hidden> Thu, 28 Sep 2023 11:42:28 +0200
CVE-2023-39351
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to
CVE-2023-39353
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing
CVE-2023-39354
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-
CVE-2023-40181
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer
CVE-2023-40186
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer
CVE-2023-40188
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-
CVE-2023-40567
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-
CVE-2023-40569
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-
CVE-2023-40589
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buff