UbuntuUpdates.org

Package "libfreerdp2-2"

Name: libfreerdp2-2

Description:

Free Remote Desktop Protocol library (core library)
Latest version: 2.8.1+dfsg1-0ubuntu1.1
Release: kinetic (22.10)
Level: updates
Repository: main
Head package: freerdp2
Homepage: https://www.freerdp.com/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libfreerdp2-2"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libfreerdp2-2" in Kinetic

Repository Area Version
base main 2.8.1+dfsg1-0ubuntu1
security main 2.8.1+dfsg1-0ubuntu1.1

Changelog

Version: 2.8.1+dfsg1-0ubuntu1.1 2022-11-22 19:07:28 UTC

  freerdp2 (2.8.1+dfsg1-0ubuntu1.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: out of bounds reads in ZGFX decoder component
    - debian/patches/CVE-2022-39316_7.patch: added missing length checks in
      zgfx_decompress_segment in libfreerdp/codec/zgfx.c.
    - CVE-2022-39316
    - CVE-2022-39317
  * SECURITY UPDATE: missing input validation in urbdrc
    - debian/patches/CVE-2022-39318.patch: fixed division by zero in urbdrc
      in channels/urbdrc/client/libusb/libusb_udevice.c.
    - CVE-2022-39318
  * SECURITY UPDATE: missing input length validation in urbdrc
    - debian/patches/CVE-2022-39319-1.patch: fixed missing input buffer
      length check in urbdrc in channels/urbdrc/client/data_transfer.c.
    - debian/patches/CVE-2022-39319-2.patch: added missing length check in
      urb_control_transfer in channels/urbdrc/client/data_transfer.c.
    - CVE-2022-39319
  * SECURITY UPDATE: out of bounds read in usb
    - debian/patches/CVE-2022-39320.patch: ensure urb_create_iocompletion
      uses size_t for calculation in
      channels/urbdrc/client/data_transfer.c.
    - CVE-2022-39320
  * SECURITY UPDATE: missing path canonicalization and base path check
    for drive channel
    - debian/patches/CVE-2022-39347-1.patch: added function _wcsncmp in
      winpr/include/winpr/string.h, winpr/libwinpr/crt/string.c.
    - debian/patches/CVE-2022-39347-2.patch: fix wcs*cmp and wcs*len checks
      in winpr/libwinpr/crt/string.c.
    - debian/patches/CVE-2022-39347-3.patch: added wcsstr implementation in
      winpr/include/winpr/string.h, winpr/libwinpr/crt/string.c.
    - debian/patches/CVE-2022-39347-4.patch: fixed path validation in drive
      channel in channels/drive/client/drive_file.c,
      channels/drive/client/drive_file.h,
      channels/drive/client/drive_main.c.
    - CVE-2022-39347

 -- Marc Deslauriers <email address hidden> Mon, 21 Nov 2022 08:33:23 -0500
CVE-2022-39316 FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRD
CVE-2022-39317 FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing a range check for input offset index in ZGFX
CVE-2022-39318 FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in `urbdrc` channel. A malic
CVE-2022-39319 FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the `urbdrc` chann
CVE-2022-39320 FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types leads to
CVE-2022-39347 FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing path canonicalization and base path check for


About   -   Send Feedback to @ubuntu_updates