UbuntuUpdates.org

Package "freerdp2"

Name: freerdp2

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • FreeRDP x11 shadowing server
  • RDP client for Windows Terminal Services (wayland client)
  • RDP client for Windows Terminal Services (X11 client)

Latest version: 2.10.0+dfsg1-1ubuntu0.3
Release: lunar (23.04)
Level: updates
Repository: universe


Other versions of "freerdp2" in Lunar

Repository  Area      Version
base        main      2.10.0+dfsg1-1
base        universe  2.10.0+dfsg1-1
security    main      2.10.0+dfsg1-1ubuntu0.3
security    universe  2.10.0+dfsg1-1ubuntu0.3
updates     main      2.10.0+dfsg1-1ubuntu0.3


Changelog

Version: 2.10.0+dfsg1-1ubuntu0.3 2023-11-29 17:07:25 UTC

  freerdp2 (2.10.0+dfsg1-1ubuntu0.3) lunar-security; urgency=medium

  * SECURITY UPDATE: OOB write via invalid offset validation
    - debian/patches/CVE-2023-39352.patch: add bound check in gdi_SolidFill
      in libfreerdp/gdi/gfx.c.
    - CVE-2023-39352
  * SECURITY UPDATE: OOB read via missing offset validation
    - debian/patches/CVE-2023-39356-1.patch: fix checks for multi opaque
      rect in libfreerdp/core/orders.c.
    - debian/patches/CVE-2023-39356-2.patch: fix reading order number field
      in libfreerdp/core/orders.c.
    - CVE-2023-39356

 -- Marc Deslauriers <email address hidden> Mon, 27 Nov 2023 12:28:28 -0500

Version: 2.10.0+dfsg1-1ubuntu0.2 2023-10-04 11:09:58 UTC

  freerdp2 (2.10.0+dfsg1-1ubuntu0.2) lunar-security; urgency=medium

  * SECURITY UPDATE: integer underflow
    - debian/patches/CVE-2023-39350.patch: validates package length to prevent
      possible out of bound read
    - CVE-2023-39350
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2023-39351.patch: frees content of currentMessage on
      fail to prevent null pointer access when processing next package
    - CVE-2023-39351
  * SECURITY UPDATE: missing offset validation
    - debian/patches/CVE-2023-39353-01.patch: validates offset to prevent
      possible out of bound read
    - debian/patches/CVE-2023-39353-02.patch: fixes issues with the previous
      patch
    - CVE-2023-39353
  * SECURITY UPDATE: missing input validation
    - debian/patches/CVE-2023-39354.patch: validates input length to prevent
      possible out of bound read
    - CVE-2023-39354
  * SECURITY UPDATE: integer underflow
    - debian/patches/CVE-2023-40181.patch: fixes cBitsRemaining calculation to
      prevent possible out of bound read
    - CVE-2023-40181
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-40186.patch: fixes integer multiplication to
      prevent possible out of bound write
    - CVE-2023-40186
  * SECURITY UPDATE: missing input validation
    - debian/patches/ensure_integer_width.patch: ensures integer width
    - debian/patches/CVE-2023-40188.patch: validates input length to prevent
      possible out of bound read
    - CVE-2023-40188
  * SECURITY UPDATE: missing offset validation
    - debian/patches/CVE-2023-40567.patch: validates offset to prevent
      possible out of bound write
    - CVE-2023-40567
  * SECURITY UPDATE: incorrect parameter calculation
    - debian/patches/CVE-2023-40569.patch: fixes nXSrc and nYSrc calculation
      to prevent possible out of bound write
    - CVE-2023-40569
  * SECURITY UPDATE: global buffer overflow
    - debian/patches/CVE-2023-40589.patch: fixes index checks
    - CVE-2023-40589

 -- Jorge Sancho Larraz <email address hidden> Thu, 28 Sep 2023 11:42:28 +0200

CVE-2023-39351 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to
CVE-2023-39353 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing
CVE-2023-39354 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-
CVE-2023-40181 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer
CVE-2023-40186 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer
CVE-2023-40188 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-
CVE-2023-40567 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-
CVE-2023-40569 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-
CVE-2023-40589 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buff


