SUSE-SU-2023:4611-1

Source
https://www.suse.com/support/update/announcement/2023/suse-su-20234611-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4611-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2023:4611-1
Published
2023-11-29T13:50:28Z
Modified
2023-11-29T13:50:28Z
Summary
Security update for freerdp
Details

This update for freerdp fixes the following issues:

  • CVE-2023-39350: Fixed incorrect offset calculation leading to DoS (bsc#1214856).
  • CVE-2023-39351: Fixed Null Pointer Dereference leading to DoS in RemoteFX (bsc#1214857).
  • CVE-2023-39352: Fixed Invalid offset validation leading to Out Of Bound Write (bsc#1214858).
  • CVE-2023-39353: Fixed Missing offset validation leading to Out Of Bound Read (bsc#1214859).
  • CVE-2023-39354: Fixed Out-Of-Bounds Read in nsc_rle_decompress_data (bsc#1214860).
  • CVE-2023-39356: Fixed Missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (bsc#1214862).
  • CVE-2023-40181: Fixed Integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (bsc#1214863).
  • CVE-2023-40186: Fixed Integer Overflow leading to Out-Of-Bound Write Vulnerability in gdi_CreateSurface (bsc#1214864).
  • CVE-2023-40188: Fixed Out-Of-Bounds Read in general_LumaToYUV444 (bsc#1214866).
  • CVE-2023-40567: Fixed Out-Of-Bounds Write in clear_decompress_bands_data (bsc#1214867).
  • CVE-2023-40569: Fixed Out-Of-Bounds Write in progressive_decompress (bsc#1214868).
  • CVE-2023-40574: Fixed Out-Of-Bounds Write in general_YUV444ToRGB_8u_P3AC4R_BGRX (bsc#1214869).
  • CVE-2023-40575: Fixed Out-Of-Bounds Read in general_YUV444ToRGB_8u_P3AC4R_BGRX (bsc#1214870).
  • CVE-2023-40576: Fixed Out-Of-Bounds Read in RleDecompress (bsc#1214871).
  • CVE-2023-40589: Fixed Global-Buffer-Overflow in ncrush_decompress (bsc#1214872).

Affected packages

SUSE:Linux Enterprise Software Development Kit 12 SP5 / freerdp

Package

Name
freerdp
Purl
pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.1.2-12.38.1

Ecosystem specific

{
    "binaries": [
        {
            "freerdp-devel": "2.1.2-12.38.1",
            "libwinpr2": "2.1.2-12.38.1",
            "winpr2-devel": "2.1.2-12.38.1",
            "libfreerdp2": "2.1.2-12.38.1"
        }
    ]
}

SUSE:Linux Enterprise Workstation Extension 12 SP5 / freerdp

Package

Name
freerdp
Purl
pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.1.2-12.38.1

Ecosystem specific

{
    "binaries": [
        {
            "freerdp": "2.1.2-12.38.1",
            "freerdp-server": "2.1.2-12.38.1",
            "libwinpr2": "2.1.2-12.38.1",
            "freerdp-proxy": "2.1.2-12.38.1",
            "libfreerdp2": "2.1.2-12.38.1"
        }
    ]
}