UbuntuUpdates.org

Package "libwinpr-tools2-2"

Name: libwinpr-tools2-2

Description:

Windows Portable Runtime Tools library

Latest version: 2.6.1+dfsg1-3ubuntu2.10
Release: jammy (22.04)
Level: security
Repository: main
Head package: freerdp2
Homepage: https://www.freerdp.com/


Other versions of "libwinpr-tools2-2" in Jammy

Repository  Area  Version
base        main  2.6.1+dfsg1-3ubuntu1
updates     main  2.6.1+dfsg1-3ubuntu2.10

Changelog

Version: 2.6.1+dfsg1-3ubuntu2.10 2026-02-16 08:07:44 UTC

  freerdp2 (2.6.1+dfsg1-3ubuntu2.10) jammy-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2026-23948.patch: fix missing NULL check
    - CVE-2026-23948
  * SECURITY UPDATE: heap overflow
    - debian/patches/CVE-2026-24675.patch: do not free MsConfig on
      failure
    - debian/patches/CVE-2026-24679.patch: ensure InterfaceNumber is
      within range
    - debian/patches/CVE-2026-24682.patch: fix audin_server_recv_formats
      cleanup
    - CVE-2026-24675
    - CVE-2026-24679
    - CVE-2026-24682
  * SECURITY UPDATE: heap use after free
    - debian/patches/CVE-2026-24676.patch: reset audin->format
    - debian/patches/CVE-2026-24681.patch: cancel all usb transfers on
      channel close
    - debian/patches/CVE-2026-24683.patch: lock context when updating
      listener
    - debian/patches/CVE-2026-24684-1.patch: terminate thread before
      free
    - debian/patches/CVE-2026-24684-2.patch: only clean up thread
      before free
    - CVE-2026-24676
    - CVE-2026-24681
    - CVE-2026-24683
    - CVE-2026-24684

 -- Nishit Majithia <email address hidden> Thu, 12 Feb 2026 21:45:06 +0530

CVE-2026-23948 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2
CVE-2026-24675 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urb_select_interface can free the device's MS config on error but l
CVE-2026-24679 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the URBDRC client uses server-supplied interface numbers as array i
CVE-2026-24682 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio format
CVE-2026-24676 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the c
CVE-2026-24681 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, asynchronous bulk transfer completions can use a freed channel cal
CVE-2026-24683 FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and later uses i
CVE-2026-24684 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the

Version: 2.6.1+dfsg1-3ubuntu2.9 2026-02-09 00:08:21 UTC

  freerdp2 (2.6.1+dfsg1-3ubuntu2.9) jammy-security; urgency=medium

  * SECURITY REGRESSION: Regression causing Remmina SEGV (LP: #2139694)
    - debian/patches/CVE-2026-23533.patch: updated to use correct size
      calculation for realloc.

 -- Marc Deslauriers <email address hidden> Wed, 04 Feb 2026 07:52:50 -0500

2139694 SEGV in remmina or xfreerdp since upgrade to 2.6.1+dfsg1-3ubuntu2.8 on jammy
CVE-2026-23533 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX Cle

Version: 2.6.1+dfsg1-3ubuntu2.8 2026-02-03 09:08:03 UTC

  freerdp2 (2.6.1+dfsg1-3ubuntu2.8) jammy-security; urgency=medium

  * SECURITY UPDATE: Buffer Overflow
    - debian/patches/CVE-2026-23530.patch: Fix decoder length checks
    - debian/patches/CVE-2026-23531-1.patch: Fix missing length checks
    - debian/patches/CVE-2026-23531-2.patch: check clear_decompress glyphData
    - debian/patches/CVE-2026-23532.patch: Properly clamp SurfaceToSurface
    - debian/patches/CVE-2026-23533.patch: Fix clear_resize_buffer checks
    - debian/patches/CVE-2026-23534.patch: Fix off by one length check
    - CVE-2026-23530
    - CVE-2026-23531
    - CVE-2026-23532
    - CVE-2026-23533
    - CVE-2026-23534

 -- Bruce Cable <email address hidden> Mon, 02 Feb 2026 13:27:19 +1100

CVE-2026-23530 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `freerdp_bitmap_decompress_planar` does not validate `nSrcWi
CVE-2026-23531 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when `glyphData` is present, `clear_decompre
CVE-2026-23532 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP c
CVE-2026-23533 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the RDPGFX Cle
CVE-2026-23534 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec

Version: 2.6.1+dfsg1-3ubuntu2.7 2024-04-25 16:07:20 UTC

  freerdp2 (2.6.1+dfsg1-3ubuntu2.7) jammy-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2024-32658.patch: fix offset error in
      libfreerdp/codec/interleaved.c.
    - CVE-2024-32658
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2024-32659.patch: fix out of bound read in
      libfreerdp/codec/color.c.
    - CVE-2024-32659
  * SECURITY UPDATE: crash via invalid huge allocation size
    - debian/patches/CVE-2024-32660.patch: allocate in segment steps in
      libfreerdp/codec/zgfx.c.
    - CVE-2024-32660
  * SECURITY UPDATE: NULL access and crash
    - debian/patches/CVE-2024-32661.patch: fix missing check in
      rdp_write_logon_info_v1 in libfreerdp/core/info.c.
    - CVE-2024-32661

 -- Marc Deslauriers <email address hidden> Thu, 25 Apr 2024 07:35:20 -0400

CVE-2024-32658 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. V
CVE-2024-32659 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if
CVE-2024-32660 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending i
CVE-2024-32661 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` acc

Version: 2.6.1+dfsg1-3ubuntu2.6 2024-04-24 18:07:08 UTC

  freerdp2 (2.6.1+dfsg1-3ubuntu2.6) jammy-security; urgency=medium

  * SECURITY UPDATE: integer overflow in freerdp_bitmap_planar_context_reset
    - debian/patches/CVE-2024-22211.patch: check resolution for overflow in
      libfreerdp/codec/planar.c.
    - CVE-2024-22211
  * SECURITY UPDATE: out-of-bounds write and out-of-bounds read
    - debian/patches/CVE-2024-32039_41.patch: reorder check to prevent
      possible integer overflow in libfreerdp/codec/clear.c,
      libfreerdp/codec/zgfx.c.
    - CVE-2024-32039
    - CVE-2024-32041
  * SECURITY UPDATE: integer underflow in NSC codec
    - debian/patches/CVE-2024-32040.patch: abort if there are more bytes to
      be read than there are left in libfreerdp/codec/nsc.c.
    - CVE-2024-32040
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2024-32458.patch: fix missing input length checks
      in libfreerdp/codec/planar.c.
    - CVE-2024-32458
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2024-32459.patch: fix missing input length check
      in libfreerdp/codec/ncrush.c.
    - CVE-2024-32459
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2024-32460.patch: add checks to
      libfreerdp/codec/include/bitmap.c, libfreerdp/codec/interleaved.c.
    - CVE-2024-32460

 -- Marc Deslauriers <email address hidden> Tue, 23 Apr 2024 10:58:50 -0400

CVE-2024-22211 FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_pla
CVE-2024-32039 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulner
CVE-2024-32041 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vul
CVE-2024-32040 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and hav
CVE-2024-32458 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vul
CVE-2024-32459 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.
CVE-2024-32460 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using `/bpp:32` legacy `GDI` drawing path with a version


