UbuntuUpdates.org

Package "libfreerdp-shadow3-3"

Name: libfreerdp-shadow3-3

Description:

FreeRDP Remote Desktop Protocol shadow libraries
Latest version: 3.5.1+dfsg1-0ubuntu1.1
Release: noble (24.04)
Level: security
Repository: universe
Head package: freerdp3
Homepage: https://www.freerdp.com/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libfreerdp-shadow3-3"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libfreerdp-shadow3-3" in Noble

Repository Area Version
base universe 3.5.0+dfsg1-0ubuntu1
updates universe 3.5.1+dfsg1-0ubuntu1.1

Changelog

Version: 3.5.1+dfsg1-0ubuntu1.1 2025-07-08 15:13:01 UTC

  freerdp3 (3.5.1+dfsg1-0ubuntu1.1) noble-security; urgency=medium

  * SECURITY UPDATE: DoS via crafted RDP packet
    - debian/patches/CVE-2025-4478.patch: initialize function pointers
      after resource allocation in libfreerdp/core/transport.c.
    - CVE-2025-4478

 -- Marc Deslauriers <email address hidden> Mon, 07 Jul 2025 14:44:55 -0400
Source diff to previous version
CVE-2025-4478 A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue

Version: 3.5.1+dfsg1-0ubuntu1 2024-04-29 18:06:58 UTC

  freerdp3 (3.5.1+dfsg1-0ubuntu1) noble-security; urgency=medium

  * SECURITY UPDATE: updated to 3.5.1 to fix multiple security issues
    - CVE-2024-32658 [Low] ExtractRunLengthRegular* out of bound read
    - CVE-2024-32659 [Low] freerdp_image_copy out of bound read
    - CVE-2024-32660 [Low] zgfx_decompress out of memory
    - CVE-2024-32661 [Low] rdp_write_logon_info_v1 NULL access
    - CVE-2024-32662 [Low] rdp_redirection_read_base64_wchar out of bound read

 -- Marc Deslauriers <email address hidden> Mon, 29 Apr 2024 10:25:11 -0400
CVE-2024-32658 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. V
CVE-2024-32659 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if
CVE-2024-32660 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending i
CVE-2024-32661 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` acc
CVE-2024-32662 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. T


About   -   Send Feedback to @ubuntu_updates