SUSE-SU-2023:0400-1
- Source
- https://www.suse.com/support/update/announcement/2023/suse-su-20230400-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:0400-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2023:0400-1
- Related
- Published
- 2023-02-13T15:17:53Z
- Modified
- 2023-02-13T15:17:53Z
- Summary
- Security update for freerdp
- Details
-
This update for freerdp fixes the following issues:
- CVE-2022-39316: Fixed out of bound read in zgfx decoder (bsc#1205512).
- CVE-2022-39317: Fixed undefined behaviour in zgfx decoder (bsc#1205512).
- CVE-2022-39320: Fixed heap buffer overflow in urbdrc channel (bsc#1205512).
- CVE-2022-39347: Fixed missing path sanitation with drive channel (bsc#1205512).
- CVE-2022-41877: Fixed missing input length validation in drive channel (bsc#1205512).
- References
-
- https://www.suse.com/support/update/announcement/2023/suse-su-20230400-1/
- https://bugzilla.suse.com/1205512
- https://www.suse.com/security/cve/CVE-2022-39316
- https://www.suse.com/security/cve/CVE-2022-39317
- https://www.suse.com/security/cve/CVE-2022-39320
- https://www.suse.com/security/cve/CVE-2022-39347
- https://www.suse.com/security/cve/CVE-2022-41877
Affected packages
SUSE:Linux Enterprise Software Development Kit 12 SP5 / freerdp
Package
- Name
- freerdp
- Purl
- pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5