Package "libfreerdp-server-proxy3-3"
| Name: |
libfreerdp-server-proxy3-3
|
Description: |
Free Remote Desktop Protocol library (proxy library)
|
| Latest version: |
3.16.0+dfsg-2ubuntu0.1 |
| Release: |
questing (25.10) |
| Level: |
updates |
| Repository: |
main |
| Head package: |
freerdp3 |
| Homepage: |
https://www.freerdp.com/ |
Links
Download "libfreerdp-server-proxy3-3"
Other versions of "libfreerdp-server-proxy3-3" in Questing
Changelog
|
freerdp3 (3.16.0+dfsg-2ubuntu0.1) questing-security; urgency=medium
* SECURITY UPDATE: null pointer dereference
- debian/patches/CVE-2026-23948.patch: fix missing NULL check
- CVE-2026-23948
* SECURITY UPDATE: heap overflow
- debian/patches/CVE-2026-24491-1.patch: reset channel_callback
before close
- debian/patches/CVE-2026-24491-2.patch: check pointer before
reset
- debian/patches/CVE-2026-24675.patch: do not free MsConfig on
failure
- debian/patches/CVE-2026-24677.patch: ensure sws context size
matches
- debian/patches/CVE-2026-24679.patch: ensure InterfaceNumber is
within range
- debian/patches/CVE-2026-24682.patch: fix audin_server_recv_formats
cleanup
- CVE-2026-24491
- CVE-2026-24675
- CVE-2026-24677
- CVE-2026-24679
- CVE-2026-24682
* SECURITY UPDATE: heap use after free
- debian/patches/CVE-2026-24676.patch: reset audin->format
- debian/patches/CVE-2026-24678.patch: ensure all streams are
stopped
- debian/patches/CVE-2026-24680.patch: reset pointer after memory
release
- debian/patches/CVE-2026-24681.patch: cancel all usb transfers on
channel close
- debian/patches/CVE-2026-24683.patch: lock context when updating
listener
- debian/patches/CVE-2026-24684-1.patch: terminate thread before
free
- debian/patches/CVE-2026-24684-2.patch: only clean up thread
before free
- CVE-2026-24676
- CVE-2026-24678
- CVE-2026-24680
- CVE-2026-24681
- CVE-2026-24683
- CVE-2026-24684
-- Nishit Majithia <email address hidden> Thu, 12 Feb 2026 18:29:44 +0530
|
| CVE-2026-23948 |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdp_write_logon_info_v2 |
| CVE-2026-24491 |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, video_timer can send client notifications after the control channel |
| CVE-2026-24675 |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, urb_select_interface can free the device's MS config on error but l |
| CVE-2026-24677 |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, ecam_encoder_compress_h264 trusts server-controlled dimensions and |
| CVE-2026-24679 |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, The URBDRC client uses server-supplied interface numbers as array i |
| CVE-2026-24682 |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, audin_server_recv_formats frees an incorrect number of audio format |
| CVE-2026-24676 |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, AUDIN format renegotiation frees the active format list while the c |
| CVE-2026-24678 |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callb |
| CVE-2026-24680 |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdl_Pointer_New frees data on failure, then pointer_free calls sdl_ |
| CVE-2026-24681 |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, aAsynchronous bulk transfer completions can use a freed channel cal |
| CVE-2026-24683 |
FreeRDP is a free implementation of the Remote Desktop Protocol. ainput_send_input_event caches channel_callback in a local variable and later uses i |
| CVE-2026-24684 |
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the |
|
About
-
Send Feedback to @ubuntu_updates
