ALSA-2024:2208

[ALSA-2024:2208] Moderate: freerdp security update

Type:

security

Severity:

moderate

Release date:

2024-05-07

Description:

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):

* freerdp: Incorrect offset calculation leading to DOS (CVE-2023-39350)
* freerdp: Null Pointer Dereference leading DOS in RemoteFX (CVE-2023-39351)
* freerdp: invalid offset validation leading to Out Of Bound Write (CVE-2023-39352)
* freerdp: missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (CVE-2023-39356)
* freerdp: Integer overflow leading to out-of-bound write vulnerability in gdi_CreateSurface (CVE-2023-40186)
* freerdp: Out-of-bounds write in clear_decompress_bands_data (CVE-2023-40567)
* freerdp: Out-of-bounds write in the `progressive_decompress` function due to incorrect calculations (CVE-2023-40569)
* freerdp: buffer overflow in ncrush_decompress causes crash with crafted input (CVE-2023-40589)
* freerdp: missing offset validation leading to Out Of Bound Read (CVE-2023-39353)
* freerdp: Out-Of-Bounds Read in nsc_rle_decompress_data (CVE-2023-39354)
* freerdp: integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (CVE-2023-40181)
* freerdp: Out-of-bounds read in general_LumaToYUV444 (CVE-2023-40188)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	freerdp-2.11.2-1.el9.aarch64.rpm	51d52db4144c705f9d93e283669f3830d9137a8c39b36e33dfdaeb88831421fc
aarch64	libwinpr-2.11.2-1.el9.aarch64.rpm	549aed95c1ed075e7c49ca589fa4587dfff17562d87fff7ef86bb3a00e39791e
aarch64	freerdp-libs-2.11.2-1.el9.aarch64.rpm	92c2ec10f4cd20f25d3d76bf05fa84136317e29472b47fcbca41485b4d884078
aarch64	freerdp-devel-2.11.2-1.el9.aarch64.rpm	c80e2a5bfcf37068b1485a313c7799779bf0a4e01bfd0deaf9f429c44311d758
aarch64	libwinpr-devel-2.11.2-1.el9.aarch64.rpm	d07b45debd13f257ec7a99995bf29936114605cceaf1130c3a7155e066d546d8
i686	libwinpr-devel-2.11.2-1.el9.i686.rpm	541068d16c9b71bc99dce43711cc4b8dc6886140bf0e69bfac0a99685014627f
i686	libwinpr-2.11.2-1.el9.i686.rpm	62f6a8596fd15990a032ddc5d030dee1c120a99ad9688aa74566e8afb7d78a58
i686	freerdp-devel-2.11.2-1.el9.i686.rpm	b255e88908418573383ec0654bea71c36b4a4d5d8fe57e7e92bafb14e908149d
i686	freerdp-libs-2.11.2-1.el9.i686.rpm	cffad50f8ce5f298e6752e3bc496a43d69b78044e0cc65629bb8145e06949038
ppc64le	freerdp-devel-2.11.2-1.el9.ppc64le.rpm	ac68c37a53f482ed7552e3bb6bdb10dd09ce441e6be9fe28c0af0cdd21da9c6b
ppc64le	libwinpr-devel-2.11.2-1.el9.ppc64le.rpm	d7c95727ed4518bcb6e58858ed9f0f89ad7a455bcd248eed81067acc2b905cd7
ppc64le	libwinpr-2.11.2-1.el9.ppc64le.rpm	da440a04b8029766b56b52503459a8bbd8cd27d39a8ecd2d78a699a7b69e1f48
ppc64le	freerdp-2.11.2-1.el9.ppc64le.rpm	dbfaa553f952e4dd0e60f708b9d9988ead8f0f3835561c6f35f612923358d795
ppc64le	freerdp-libs-2.11.2-1.el9.ppc64le.rpm	f75d8145f6ce64ec72452c0ae8307baf5e9876efd9ac225d6d113889320c3e27
s390x	libwinpr-devel-2.11.2-1.el9.s390x.rpm	0e932d10ad80a54dd06a9dc8c53c62f98057f5f0e56bbb8e8df0544ecc36b12b
s390x	libwinpr-2.11.2-1.el9.s390x.rpm	32fba47558dc297c17987aa2740dd435809d58e022778dab12dd9b03d136f832
s390x	freerdp-2.11.2-1.el9.s390x.rpm	3bb22a50e0c5d2e2723fdb66d93c1ecaf011bf7d6fbdd05fd86a9d834ae04c5b
s390x	freerdp-libs-2.11.2-1.el9.s390x.rpm	43657df33ac10340b91411776adf5d6af00331c7109c007a290488db5ac7d0a7
s390x	freerdp-devel-2.11.2-1.el9.s390x.rpm	57fe36d950db5dd66f9e554a0c737c746cde634400dcf0b8e918c28837311add
x86_64	freerdp-2.11.2-1.el9.x86_64.rpm	3522b754ce06cd5b906d7023a2a6e83502a2f134f6fa571cdb9aaba562775db4
x86_64	libwinpr-devel-2.11.2-1.el9.x86_64.rpm	9776756c2fdb90b4665f97bbf7a60eb29656a774875fdd666a9408a3b4c965b5
x86_64	freerdp-devel-2.11.2-1.el9.x86_64.rpm	a740f259b551fd2b37dc69429b83da4f6a2451999b86a61509562d96d1e7cb93
x86_64	freerdp-libs-2.11.2-1.el9.x86_64.rpm	ba75ff544a79566cd6b3582c33fba193546fe32fcb693e836cffddbe6dbec0a6
x86_64	libwinpr-2.11.2-1.el9.x86_64.rpm	c882b084fe6c8598240f29b3169c3b03a77522d851b00ddfdefaeb7ab598dbec

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.