Security update for freerdp
| Announcement ID: | SUSE-SU-2023:4893-1 |
|---|---|
| Rating: | moderate |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves 15 vulnerabilities can now be installed.
Description:
This update for freerdp fixes the following issues:
- CVE-2023-39350: Fixed incorrect offset calculation leading to DoS (bsc#1214856).
- CVE-2023-39351: Fixed Null Pointer Dereference leading DoS in RemoteFX (bsc#1214857).
- CVE-2023-39352: Fixed Invalid offset validation leading to Out Of Bound Write (bsc#1214858).
- CVE-2023-39353: Fixed Missing offset validation leading to Out Of Bound Read (bsc#1214859).
- CVE-2023-39354: Fixed Out-Of-Bounds Read in nsc_rle_decompress_data (bsc#1214860).
- CVE-2023-39356: Fixed Missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (bsc#1214862).
- CVE-2023-40181: Fixed Integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (bsc#1214863).
- CVE-2023-40186: Fixed IntegerOverflow leading to Out-Of-Bound Write Vulnerability in gdi_CreateSurface (bsc#1214864).
- CVE-2023-40188: Fixed Out-Of-Bounds Read in general_LumaToYUV444 (bsc#1214866).
- CVE-2023-40567: Fixed Out-Of-Bounds Write in clear_decompress_bands_data (bsc#1214867).
- CVE-2023-40569: Fixed Out-Of-Bounds Write in progressive_decompress (bsc#1214868).
- CVE-2023-40574: Fixed Out-Of-Bounds Write in general_YUV444ToRGB_8u_P3AC4R_BGRX (bsc#1214869).
- CVE-2023-40575: Fixed Out-Of-Bounds Read in general_YUV444ToRGB_8u_P3AC4R_BGRX (bsc#1214870).
- CVE-2023-40576: Fixed Out-Of-Bounds Read in RleDecompress (bsc#1214871).
- CVE-2023-40589: Fixed Global-Buffer-Overflow in ncrush_decompress (bsc#1214872).
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-4893=1 SUSE-2023-4893=1 -
openSUSE Leap 15.5
zypper in -t patch openSUSE-SLE-15.5-2023-4893=1 -
SUSE Package Hub 15 15-SP4
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4893=1 -
SUSE Package Hub 15 15-SP5
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4893=1 -
SUSE Linux Enterprise Workstation Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4893=1 -
SUSE Linux Enterprise Workstation Extension 15 SP5
zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4893=1
Package List:
-
openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
- freerdp-proxy-debuginfo-2.4.0-150400.3.23.1
- winpr2-devel-2.4.0-150400.3.23.1
- freerdp-debuginfo-2.4.0-150400.3.23.1
- freerdp-wayland-debuginfo-2.4.0-150400.3.23.1
- libwinpr2-debuginfo-2.4.0-150400.3.23.1
- libuwac0-0-debuginfo-2.4.0-150400.3.23.1
- uwac0-0-devel-2.4.0-150400.3.23.1
- freerdp-2.4.0-150400.3.23.1
- libuwac0-0-2.4.0-150400.3.23.1
- libfreerdp2-debuginfo-2.4.0-150400.3.23.1
- freerdp-debugsource-2.4.0-150400.3.23.1
- freerdp-server-2.4.0-150400.3.23.1
- libwinpr2-2.4.0-150400.3.23.1
- freerdp-server-debuginfo-2.4.0-150400.3.23.1
- freerdp-proxy-2.4.0-150400.3.23.1
- freerdp-wayland-2.4.0-150400.3.23.1
- libfreerdp2-2.4.0-150400.3.23.1
- freerdp-devel-2.4.0-150400.3.23.1
-
openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
- freerdp-proxy-debuginfo-2.4.0-150400.3.23.1
- winpr2-devel-2.4.0-150400.3.23.1
- freerdp-debuginfo-2.4.0-150400.3.23.1
- freerdp-wayland-debuginfo-2.4.0-150400.3.23.1
- libwinpr2-debuginfo-2.4.0-150400.3.23.1
- libuwac0-0-debuginfo-2.4.0-150400.3.23.1
- uwac0-0-devel-2.4.0-150400.3.23.1
- freerdp-2.4.0-150400.3.23.1
- libuwac0-0-2.4.0-150400.3.23.1
- libfreerdp2-debuginfo-2.4.0-150400.3.23.1
- freerdp-debugsource-2.4.0-150400.3.23.1
- freerdp-server-2.4.0-150400.3.23.1
- libwinpr2-2.4.0-150400.3.23.1
- freerdp-server-debuginfo-2.4.0-150400.3.23.1
- freerdp-proxy-2.4.0-150400.3.23.1
- freerdp-wayland-2.4.0-150400.3.23.1
- libfreerdp2-2.4.0-150400.3.23.1
- freerdp-devel-2.4.0-150400.3.23.1
-
SUSE Package Hub 15 15-SP4 (aarch64 ppc64le s390x)
- freerdp-proxy-debuginfo-2.4.0-150400.3.23.1
- winpr2-devel-2.4.0-150400.3.23.1
- freerdp-debuginfo-2.4.0-150400.3.23.1
- libwinpr2-debuginfo-2.4.0-150400.3.23.1
- freerdp-2.4.0-150400.3.23.1
- libfreerdp2-debuginfo-2.4.0-150400.3.23.1
- freerdp-debugsource-2.4.0-150400.3.23.1
- libwinpr2-2.4.0-150400.3.23.1
- freerdp-proxy-2.4.0-150400.3.23.1
- libfreerdp2-2.4.0-150400.3.23.1
- freerdp-devel-2.4.0-150400.3.23.1
-
SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x)
- freerdp-proxy-debuginfo-2.4.0-150400.3.23.1
- winpr2-devel-2.4.0-150400.3.23.1
- freerdp-debuginfo-2.4.0-150400.3.23.1
- freerdp-wayland-debuginfo-2.4.0-150400.3.23.1
- libwinpr2-debuginfo-2.4.0-150400.3.23.1
- libuwac0-0-debuginfo-2.4.0-150400.3.23.1
- uwac0-0-devel-2.4.0-150400.3.23.1
- freerdp-2.4.0-150400.3.23.1
- libuwac0-0-2.4.0-150400.3.23.1
- libfreerdp2-debuginfo-2.4.0-150400.3.23.1
- freerdp-debugsource-2.4.0-150400.3.23.1
- freerdp-server-2.4.0-150400.3.23.1
- libwinpr2-2.4.0-150400.3.23.1
- freerdp-server-debuginfo-2.4.0-150400.3.23.1
- freerdp-proxy-2.4.0-150400.3.23.1
- freerdp-wayland-2.4.0-150400.3.23.1
- libfreerdp2-2.4.0-150400.3.23.1
- freerdp-devel-2.4.0-150400.3.23.1
-
SUSE Linux Enterprise Workstation Extension 15 SP4 (x86_64)
- freerdp-proxy-debuginfo-2.4.0-150400.3.23.1
- winpr2-devel-2.4.0-150400.3.23.1
- freerdp-debuginfo-2.4.0-150400.3.23.1
- libwinpr2-debuginfo-2.4.0-150400.3.23.1
- freerdp-2.4.0-150400.3.23.1
- libfreerdp2-debuginfo-2.4.0-150400.3.23.1
- freerdp-debugsource-2.4.0-150400.3.23.1
- libwinpr2-2.4.0-150400.3.23.1
- freerdp-proxy-2.4.0-150400.3.23.1
- libfreerdp2-2.4.0-150400.3.23.1
- freerdp-devel-2.4.0-150400.3.23.1
-
SUSE Linux Enterprise Workstation Extension 15 SP5 (x86_64)
- freerdp-proxy-debuginfo-2.4.0-150400.3.23.1
- winpr2-devel-2.4.0-150400.3.23.1
- freerdp-debuginfo-2.4.0-150400.3.23.1
- libwinpr2-debuginfo-2.4.0-150400.3.23.1
- freerdp-2.4.0-150400.3.23.1
- libfreerdp2-debuginfo-2.4.0-150400.3.23.1
- freerdp-debugsource-2.4.0-150400.3.23.1
- libwinpr2-2.4.0-150400.3.23.1
- freerdp-proxy-2.4.0-150400.3.23.1
- libfreerdp2-2.4.0-150400.3.23.1
- freerdp-devel-2.4.0-150400.3.23.1
References:
- https://www.suse.com/security/cve/CVE-2023-39350.html
- https://www.suse.com/security/cve/CVE-2023-39351.html
- https://www.suse.com/security/cve/CVE-2023-39352.html
- https://www.suse.com/security/cve/CVE-2023-39353.html
- https://www.suse.com/security/cve/CVE-2023-39354.html
- https://www.suse.com/security/cve/CVE-2023-39356.html
- https://www.suse.com/security/cve/CVE-2023-40181.html
- https://www.suse.com/security/cve/CVE-2023-40186.html
- https://www.suse.com/security/cve/CVE-2023-40188.html
- https://www.suse.com/security/cve/CVE-2023-40567.html
- https://www.suse.com/security/cve/CVE-2023-40569.html
- https://www.suse.com/security/cve/CVE-2023-40574.html
- https://www.suse.com/security/cve/CVE-2023-40575.html
- https://www.suse.com/security/cve/CVE-2023-40576.html
- https://www.suse.com/security/cve/CVE-2023-40589.html
- https://bugzilla.suse.com/show_bug.cgi?id=1214856
- https://bugzilla.suse.com/show_bug.cgi?id=1214857
- https://bugzilla.suse.com/show_bug.cgi?id=1214858
- https://bugzilla.suse.com/show_bug.cgi?id=1214859
- https://bugzilla.suse.com/show_bug.cgi?id=1214860
- https://bugzilla.suse.com/show_bug.cgi?id=1214862
- https://bugzilla.suse.com/show_bug.cgi?id=1214863
- https://bugzilla.suse.com/show_bug.cgi?id=1214864
- https://bugzilla.suse.com/show_bug.cgi?id=1214866
- https://bugzilla.suse.com/show_bug.cgi?id=1214867
- https://bugzilla.suse.com/show_bug.cgi?id=1214868
- https://bugzilla.suse.com/show_bug.cgi?id=1214869
- https://bugzilla.suse.com/show_bug.cgi?id=1214870
- https://bugzilla.suse.com/show_bug.cgi?id=1214871
- https://bugzilla.suse.com/show_bug.cgi?id=1214872