UbuntuUpdates.org

Package "freerdp2"

Name: freerdp2

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • FreeRDP x11 shadowing server
  • RDP client for Windows Terminal Services (wayland client)
  • RDP client for Windows Terminal Services (X11 client)

Latest version: 2.10.0+dfsg1-1.1ubuntu1.3
Release: mantic (23.10)
Level: updates
Repository: universe

Other versions of "freerdp2" in Mantic

Repository  Area      Version
base        universe  2.10.0+dfsg1-1.1ubuntu1
base        main      2.10.0+dfsg1-1.1ubuntu1
security    main      2.10.0+dfsg1-1.1ubuntu1.3
security    universe  2.10.0+dfsg1-1.1ubuntu1.3
updates     main      2.10.0+dfsg1-1.1ubuntu1.3

Changelog

Version: 2.10.0+dfsg1-1.1ubuntu1.3 2024-04-25 19:08:37 UTC

  freerdp2 (2.10.0+dfsg1-1.1ubuntu1.3) mantic-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2024-32658.patch: fix offset error in
      libfreerdp/codec/interleaved.c.
    - CVE-2024-32658
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2024-32659.patch: fix out of bound read in
      libfreerdp/codec/color.c.
    - CVE-2024-32659
  * SECURITY UPDATE: crash via invalid huge allocation size
    - debian/patches/CVE-2024-32660.patch: allocate in segment steps in
      libfreerdp/codec/zgfx.c.
    - CVE-2024-32660
  * SECURITY UPDATE: NULL access and crash
    - debian/patches/CVE-2024-32661.patch: fix missing check in
      rdp_write_logon_info_v1 in libfreerdp/core/info.c.
    - CVE-2024-32661

 -- Marc Deslauriers <email address hidden> Thu, 25 Apr 2024 07:08:28 -0400

CVE-2024-32658 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. V
CVE-2024-32659 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if
CVE-2024-32660 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending i
CVE-2024-32661 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` acc

Version: 2.10.0+dfsg1-1.1ubuntu1.2 2024-04-24 20:07:21 UTC

  freerdp2 (2.10.0+dfsg1-1.1ubuntu1.2) mantic-security; urgency=medium

  * SECURITY UPDATE: integer overflow in freerdp_bitmap_planar_context_reset
    - debian/patches/CVE-2024-22211.patch: check resolution for overflow in
      libfreerdp/codec/planar.c.
    - CVE-2024-22211
  * SECURITY UPDATE: out-of-bounds write and out-of-bounds read
    - debian/patches/CVE-2024-32039_41.patch: reorder check to prevent
      possible integer overflow in libfreerdp/codec/clear.c,
      libfreerdp/codec/zgfx.c.
    - CVE-2024-32039
    - CVE-2024-32041
  * SECURITY UPDATE: integer underflow in NSC codec
    - debian/patches/CVE-2024-32040.patch: abort if there are more bytes to
      be read than there are left in libfreerdp/codec/nsc.c.
    - CVE-2024-32040
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2024-32458.patch: fix missing input length checks
      in libfreerdp/codec/planar.c.
    - CVE-2024-32458
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2024-32459.patch: fix missing input length check
      in libfreerdp/codec/ncrush.c.
    - CVE-2024-32459
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2024-32460.patch: add checks to
      libfreerdp/codec/include/bitmap.c, libfreerdp/codec/interleaved.c.
    - CVE-2024-32460

 -- Marc Deslauriers <email address hidden> Tue, 23 Apr 2024 10:51:20 -0400

CVE-2024-22211 FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_pla
CVE-2024-32039 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulner
CVE-2024-32041 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vul
CVE-2024-32040 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and hav
CVE-2024-32458 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vul
CVE-2024-32459 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.
CVE-2024-32460 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using `/bpp:32` legacy `GDI` drawing path with a version

Version: 2.10.0+dfsg1-1.1ubuntu1.1 2023-11-29 17:07:25 UTC

  freerdp2 (2.10.0+dfsg1-1.1ubuntu1.1) mantic-security; urgency=medium

  * SECURITY UPDATE: OOB write via invalid offset validation
    - debian/patches/CVE-2023-39352.patch: add bound check in gdi_SolidFill
      in libfreerdp/gdi/gfx.c.
    - CVE-2023-39352
  * SECURITY UPDATE: OOB read via missing offset validation
    - debian/patches/CVE-2023-39356-1.patch: fix checks for multi opaque
      rect in libfreerdp/core/orders.c.
    - debian/patches/CVE-2023-39356-2.patch: fix reading order number field
      in libfreerdp/core/orders.c.
    - CVE-2023-39356

 -- Marc Deslauriers <email address hidden> Mon, 27 Nov 2023 12:24:27 -0500



