SUSE-SU-2024:1609-1
- Source
- https://www.suse.com/support/update/announcement/2024/suse-su-20241609-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:1609-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2024:1609-1
- Related
- Published
- 2024-05-10T16:36:06Z
- Modified
- 2024-05-10T16:36:06Z
- Summary
- Security update for freerdp
- Details
-
This update for freerdp fixes the following issues:
- CVE-2024-32039: Fixed an out-of-bounds write with variables of type uint32 (bsc#1223293)
- CVE-2024-32040: Fixed a integer underflow when using the 'NSC' codec (bsc#1223294)
- CVE-2024-32041: Fixed an out-of-bounds read in Stream_GetRemainingLength() (bsc#1223295)
- CVE-2024-32458: Fixed an out-of-bounds read on pSrcData[] (bsc#1223296)
- CVE-2024-32459: Fixed an out-of-bounds read in case SrcSize less than 4 (bsc#1223297)
- CVE-2024-32460: Fixed an out-of-bounds read when using '/bpp:32' legacy 'GDI' drawing path (bsc#1223298)
- References
-
- https://www.suse.com/support/update/announcement/2024/suse-su-20241609-1/
- https://bugzilla.suse.com/1223293
- https://bugzilla.suse.com/1223294
- https://bugzilla.suse.com/1223295
- https://bugzilla.suse.com/1223296
- https://bugzilla.suse.com/1223297
- https://bugzilla.suse.com/1223298
- https://www.suse.com/security/cve/CVE-2024-32039
- https://www.suse.com/security/cve/CVE-2024-32040
- https://www.suse.com/security/cve/CVE-2024-32041
- https://www.suse.com/security/cve/CVE-2024-32458
- https://www.suse.com/security/cve/CVE-2024-32459
- https://www.suse.com/security/cve/CVE-2024-32460
Affected packages
SUSE:Linux Enterprise Software Development Kit 12 SP5 / freerdp
Package
- Name
- freerdp
- Purl
- pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5