Package "freerdp2"
Name: |
freerdp2
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- Free Remote Desktop Protocol library (development files)
- Free Remote Desktop Protocol library (client library)
- Free Remote Desktop Protocol library (server library)
- FreeRDP Remote Desktop Protocol shadow subsystem libraries
|
Latest version: |
2.10.0+dfsg1-1.1ubuntu1.3 |
Release: |
mantic (23.10) |
Level: |
updates |
Repository: |
main |
Links
Other versions of "freerdp2" in Mantic
Packages in group
Deleted packages are displayed in grey.
Changelog
freerdp2 (2.10.0+dfsg1-1.1ubuntu1.3) mantic-security; urgency=medium
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2024-32658.patch: fix offset error in
libfreerdp/codec/interleaved.c.
- CVE-2024-32658
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2024-32659.patch: fix out of bound read in
libfreerdp/codec/color.c.
- CVE-2024-32659
* SECURITY UPDATE: crash via invalid huge allocation size
- debian/patches/CVE-2024-32660.patch: allocate in segment steps in
libfreerdp/codec/zgfx.c.
- CVE-2024-32660
* SECURITY UPDATE: NULL access and crash
- debian/patches/CVE-2024-32661.patch: fix missing check in
rdp_write_logon_info_v1 in libfreerdp/core/info.c.
- CVE-2024-32661
-- Marc Deslauriers <email address hidden> Thu, 25 Apr 2024 07:08:28 -0400
|
Source diff to previous version |
CVE-2024-32658 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. V |
CVE-2024-32659 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if |
CVE-2024-32660 |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending i |
CVE-2024-32661 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` acc |
|
freerdp2 (2.10.0+dfsg1-1.1ubuntu1.2) mantic-security; urgency=medium
* SECURITY UPDATE: integer overflow in freerdp_bitmap_planar_context_reset
- debian/patches/CVE-2024-22211.patch: check resolution for overflow in
libfreerdp/codec/planar.c.
- CVE-2024-22211
* SECURITY UPDATE: out-of-bounds write and out-of-bounds read
- debian/patches/CVE-2024-32039_41.patch: reorder check to prevent
possible integer overflow in libfreerdp/codec/clear.c,
libfreerdp/codec/zgfx.c.
- CVE-2024-32039
- CVE-2024-32041
* SECURITY UPDATE: integer underflow in NSC codec
- debian/patches/CVE-2024-32040.patch: abort if there are more bytes to
be read then there are left in libfreerdp/codec/nsc.c.
- CVE-2024-32040
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2024-32458.patch: fix missing input length checks
in libfreerdp/codec/planar.c.
- CVE-2024-32458
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2024-32459.patch: fix missing input length check
in libfreerdp/codec/ncrush.c.
- CVE-2024-32459
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2024-32460.patch: add checks to
libfreerdp/codec/include/bitmap.c, libfreerdp/codec/interleaved.c.
- CVE-2024-32460
-- Marc Deslauriers <email address hidden> Tue, 23 Apr 2024 10:51:20 -0400
|
Source diff to previous version |
CVE-2024-22211 |
FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_pla |
CVE-2024-32039 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulner |
CVE-2024-32041 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vul |
CVE-2024-32040 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and hav |
CVE-2024-32458 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vul |
CVE-2024-32459 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2. |
CVE-2024-32460 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version |
|
freerdp2 (2.10.0+dfsg1-1.1ubuntu1.1) mantic-security; urgency=medium
* SECURITY UPDATE: OOB write via invalid offset validation
- debian/patches/CVE-2023-39352.patch: add bound check in gdi_SolidFill
in libfreerdp/gdi/gfx.c.
- CVE-2023-39352
* SECURITY UPDATE: OOB read via missing offset validation
- debian/patches/CVE-2023-39356-1.patch: fix checks for multi opaque
rect in libfreerdp/core/orders.c.
- debian/patches/CVE-2023-39356-2.patch: fix reading order number field
in libfreerdp/core/orders.c.
- CVE-2023-39356
-- Marc Deslauriers <email address hidden> Mon, 27 Nov 2023 12:24:27 -0500
|
About
-
Send Feedback to @ubuntu_updates