UbuntuUpdates.org

Package "freerdp3"

Name: freerdp3

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Free Remote Desktop Protocol library (client library)
  • Free Remote Desktop Protocol library (server library)
  • Free Remote Desktop Protocol library (core library)
  • Windows Portable Runtime Tools library
Latest version: 3.5.1+dfsg1-0ubuntu1.1
Release: noble (24.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "freerdp3" in Noble

Repository Area Version
base universe 3.5.0+dfsg1-0ubuntu1
base main 3.5.0+dfsg1-0ubuntu1
security universe 3.5.1+dfsg1-0ubuntu1.1
updates main 3.5.1+dfsg1-0ubuntu1.1
updates universe 3.5.1+dfsg1-0ubuntu1.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.5.1+dfsg1-0ubuntu1.1 2025-07-08 15:12:57 UTC

  freerdp3 (3.5.1+dfsg1-0ubuntu1.1) noble-security; urgency=medium

  * SECURITY UPDATE: DoS via crafted RDP packet
    - debian/patches/CVE-2025-4478.patch: initialize function pointers
      after resource allocation in libfreerdp/core/transport.c.
    - CVE-2025-4478

 -- Marc Deslauriers <email address hidden> Mon, 07 Jul 2025 14:44:55 -0400
Source diff to previous version
CVE-2025-4478 A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue

Version: 3.5.1+dfsg1-0ubuntu1 2024-04-29 18:06:58 UTC

  freerdp3 (3.5.1+dfsg1-0ubuntu1) noble-security; urgency=medium

  * SECURITY UPDATE: updated to 3.5.1 to fix multiple security issues
    - CVE-2024-32658 [Low] ExtractRunLengthRegular* out of bound read
    - CVE-2024-32659 [Low] freerdp_image_copy out of bound read
    - CVE-2024-32660 [Low] zgfx_decompress out of memory
    - CVE-2024-32661 [Low] rdp_write_logon_info_v1 NULL access
    - CVE-2024-32662 [Low] rdp_redirection_read_base64_wchar out of bound read

 -- Marc Deslauriers <email address hidden> Mon, 29 Apr 2024 10:25:11 -0400
CVE-2024-32658 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. V
CVE-2024-32659 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if
CVE-2024-32660 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending i
CVE-2024-32661 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` acc
CVE-2024-32662 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. T


About   -   Send Feedback to @ubuntu_updates