Package "libfreerdp-server2-2"
Name: |
libfreerdp-server2-2
|
Description: |
Free Remote Desktop Protocol library (server library)
|
Latest version: |
2.6.1+dfsg1-0ubuntu0.20.04.2 |
Release: |
focal (20.04) |
Level: |
updates |
Repository: |
main |
Head package: |
freerdp2 |
Homepage: |
http://www.freerdp.com/ |
Links
Download "libfreerdp-server2-2"
Other versions of "libfreerdp-server2-2" in Focal
Changelog
freerdp2 (2.6.1+dfsg1-0ubuntu0.20.04.2) focal-security; urgency=medium
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2024-32658.patch: fix offset error in
libfreerdp/codec/interleaved.c.
- CVE-2024-32658
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2024-32659.patch: fix out of bound read in
libfreerdp/codec/color.c.
- CVE-2024-32659
* SECURITY UPDATE: crash via invalid huge allocation size
- debian/patches/CVE-2024-32660.patch: allocate in segment steps in
libfreerdp/codec/zgfx.c.
- CVE-2024-32660
* SECURITY UPDATE: NULL access and crash
- debian/patches/CVE-2024-32661.patch: fix missing check in
rdp_write_logon_info_v1 in libfreerdp/core/info.c.
- CVE-2024-32661
-- Marc Deslauriers <email address hidden> Thu, 25 Apr 2024 07:35:20 -0400
|
Source diff to previous version |
CVE-2024-32658 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. V |
CVE-2024-32659 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if |
CVE-2024-32660 |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending i |
CVE-2024-32661 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` acc |
|
freerdp2 (2.6.1+dfsg1-0ubuntu0.20.04.1) focal-security; urgency=medium
* SECURITY UPDATE: Update to 2.6.1 to fix security and compatibility
issues
- debian/patches/*: sync with jammy's 2.6.1+dfsg1-3ubuntu2.6 package.
- debian/*.symbols: added new symbols.
- CVE-2024-22211, CVE-2024-32039, CVE-2024-32041, CVE-2024-32040,
CVE-2024-32458, CVE-2024-32459, CVE-2024-32460
-- Marc Deslauriers <email address hidden> Wed, 24 Apr 2024 09:22:45 -0400
|
Source diff to previous version |
CVE-2024-22211 |
FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_pla |
CVE-2024-32039 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulner |
CVE-2024-32041 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vul |
CVE-2024-32040 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and hav |
CVE-2024-32458 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vul |
CVE-2024-32459 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2. |
CVE-2024-32460 |
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version |
|
freerdp2 (2.2.0+dfsg1-0ubuntu0.20.04.6) focal-security; urgency=medium
* SECURITY UPDATE: missing input length validation in drive channel
- debian/patches/CVE-2022-41877.patch: fixed missing stream length
check in channels/drive/client/drive_main.c.
- CVE-2022-41877
* SECURITY UPDATE: OOB write via invalid offset validation
- debian/patches/CVE-2023-39352.patch: add bound check in gdi_SolidFill
in libfreerdp/gdi/gfx.c.
- CVE-2023-39352
* SECURITY UPDATE: OOB read via missing offset validation
- debian/patches/CVE-2023-39356-1.patch: fix checks for multi opaque
rect in libfreerdp/core/orders.c.
- debian/patches/CVE-2023-39356-2.patch: fix reading order number field
in libfreerdp/core/orders.c.
- CVE-2023-39356
-- Marc Deslauriers <email address hidden> Mon, 27 Nov 2023 12:45:36 -0500
|
Source diff to previous version |
CVE-2022-41877 |
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in `drive` channel. A |
|
freerdp2 (2.2.0+dfsg1-0ubuntu0.20.04.5) focal-security; urgency=medium
* SECURITY UPDATE: integer underflow
- debian/patches/CVE-2023-39350.patch: validates package length to prevent
possible out of bound read
- CVE-2023-39350
* SECURITY UPDATE: null pointer dereference
- debian/patches/CVE-2023-39351.patch: frees content of currentMessage on
fail to prevent null pointer access when processing next package
- CVE-2023-39351
* SECURITY UPDATE: missing offset validation
- debian/patches/CVE-2023-39353-01.patch: validates offset to prevent
possible out of bound read
- debian/patches/CVE-2023-39353-02.patch: fixes issues with the original
patch
- CVE-2023-39353
* SECURITY UPDATE: missing input validation
- debian/patches/add_winpr_assert.h.patch: backports <winrp/assert.h>
required by CVE-2023-39354.patch
- debian/patches/format_string_for_Stream_CheckAndLogRequiredLength.patch:
backports functionality required by CVE-2023-39354.patch
- debian/patches/CVE-2023-39354.patch: validates input length to prevent
possible out of bound read
- CVE-2023-39354
* SECURITY UPDATE: integer underflow
- debian/patches/CVE-2023-40181.patch: fixes cBitsRemaining calculation to
prevent possible out of bound read
- CVE-2023-40181
* SECURITY UPDATE: integer overflow
- debian/patches/CVE-2023-40186.patch: fixes integer multiplication to
prevent possible out of bound write
- CVE-2023-40186
* SECURITY UPDATE: missing input validation
- debian/patches/ensure_integer_width.patch: ensures integer width
- debian/patches/CVE-2023-40188.patch: validates input length to prevent
possible out of bound read
- CVE-2023-40188
* SECURITY UPDATE: missing offset validation
- debian/patches/CVE-2023-40567.patch: validates offset to prevent
possible out of bound write
- CVE-2023-40567
* SECURITY UPDATE: incorrect parameter calculation
- debian/patches/CVE-2023-40569.patch: fixes nXSrc and nYSrc calculation
to prevent possible out of bound write
- CVE-2023-40569
* SECURITY UPDATE: global buffer overflow
- debian/patches/CVE-2023-40589.patch: fixes index checks
- CVE-2023-40589
-- Jorge Sancho Larraz <email address hidden> Tue, 03 Oct 2023 18:04:10 +0200
|
Source diff to previous version |
CVE-2023-39351 |
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to |
CVE-2023-39353 |
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing |
CVE-2023-39354 |
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of- |
CVE-2023-40181 |
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer |
CVE-2023-40186 |
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer |
CVE-2023-40188 |
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of- |
CVE-2023-40567 |
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of- |
CVE-2023-40569 |
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of- |
CVE-2023-40589 |
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buff |
|
freerdp2 (2.2.0+dfsg1-0ubuntu0.20.04.4) focal-security; urgency=medium
* SECURITY UPDATE: out of bounds read via parallel driver
- debian/patches/CVE-2022-39282.patch: fix length checks in parallel
driver in channels/parallel/client/parallel_main.c.
- CVE-2022-39282
* SECURITY UPDATE: out of bounds read via video channel
- debian/patches/CVE-2022-39283.patch: fixed missing length check in
video channel in channels/video/client/video_main.c.
- CVE-2022-39283
* SECURITY UPDATE: out of bounds reads in ZGFX decoder component
- debian/patches/CVE-2022-39316_7.patch: added missing length checks in
zgfx_decompress_segment in libfreerdp/codec/zgfx.c.
- CVE-2022-39316
- CVE-2022-39317
* SECURITY UPDATE: missing input validation in urbdrc
- debian/patches/CVE-2022-39318.patch: fixed division by zero in urbdrc
in channels/urbdrc/client/libusb/libusb_udevice.c.
- CVE-2022-39318
* SECURITY UPDATE: missing input length validation in urbdrc
- debian/patches/CVE-2022-39319-1.patch: fixed missing input buffer
length check in urbdrc in channels/urbdrc/client/data_transfer.c.
- debian/patches/CVE-2022-39319-2.patch: added missing length check in
urb_control_transfer in channels/urbdrc/client/data_transfer.c.
- CVE-2022-39319
* SECURITY UPDATE: out of bounds read in usb
- debian/patches/CVE-2022-39320.patch: ensure urb_create_iocompletion
uses size_t for calculation in
channels/urbdrc/client/data_transfer.c.
- CVE-2022-39320
* SECURITY UPDATE: missing path canonicalization and base path check
for drive channel
- debian/patches/CVE-2022-39347-1.patch: added function _wcsncmp in
winpr/include/winpr/string.h, winpr/libwinpr/crt/string.c.
- debian/patches/CVE-2022-39347-2.patch: fix wcs*cmp and wcs*len checks
in winpr/libwinpr/crt/string.c.
- debian/patches/CVE-2022-39347-3.patch: added wcsstr implementation in
winpr/include/winpr/string.h, winpr/libwinpr/crt/string.c.
- debian/patches/CVE-2022-39347-4.patch: fixed path validation in drive
channel in channels/drive/client/drive_file.c,
channels/drive/client/drive_file.h,
channels/drive/client/drive_main.c.
- CVE-2022-39347
-- Marc Deslauriers <email address hidden> Mon, 21 Nov 2022 11:15:20 -0500
|
CVE-2022-39282 |
FreeRDP is a free remote desktop protocol library and clients. FreeRDP based clients on unix systems using `/parallel` command line switch might read |
CVE-2022-39283 |
FreeRDP is a free remote desktop protocol library and clients. All FreeRDP based clients when using the `/video` command line switch might read unini |
CVE-2022-39316 |
FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRD |
CVE-2022-39317 |
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX |
CVE-2022-39318 |
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc` channel. A malic |
CVE-2022-39319 |
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the `urbdrc` chann |
CVE-2022-39320 |
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types leads to |
CVE-2022-39347 |
FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for |
|
About
-
Send Feedback to @ubuntu_updates