CLSA-2024:1721206783

[CLSA-2024:1721206783] freerdp: Fix of 12 CVEs

Type:

security

Severity:

Critical

Release date:

2024-07-17 08:59:46 UTC

Description:

- CVE-2023-39352: add bound check in gdi_SolidFill
- CVE-2023-39353: check indices are within range
- CVE-2023-39356: fix checks for multi opaque rect
- CVE-2023-40181: fix cBitsRemaining calculation
- CVE-2023-40186: fix integer multiplications
- CVE-2023-40188: fix input length validation
- CVE-2023-40567: fix missing bounds checks
- CVE-2023-40569: fix missing destination checks
- CVE-2024-22211: check resolution for overflow
- CVE-2023-39351: free content of currentMessage on fail
- CVE-2023-39350: fix possible out of bound read
- CVE-2023-40589: properly verify all offsets while decoding data

Updated packages:

freerdp-2.1.1-5.el7_9.tuxcare.els1.x86_64.rpm
sha:afb557972eb7b4d33d25c3ad64248245c195b643
freerdp-devel-2.1.1-5.el7_9.tuxcare.els1.i686.rpm
sha:d4f03624edc9817a1dc308bd8fd2f7a4a336d361
freerdp-devel-2.1.1-5.el7_9.tuxcare.els1.x86_64.rpm
sha:7e80cb7d8691f95eeed56971d7f79906c5232781
freerdp-libs-2.1.1-5.el7_9.tuxcare.els1.i686.rpm
sha:72137a781fbf6e2bb1d9543d2d1f28efed9fefff
freerdp-libs-2.1.1-5.el7_9.tuxcare.els1.x86_64.rpm
sha:59448f80144dab0b1c31332dd212f26d9f73db29
libwinpr-2.1.1-5.el7_9.tuxcare.els1.i686.rpm
sha:4cd1b3f85ccd56326d09812efe9e97452bf05510
libwinpr-2.1.1-5.el7_9.tuxcare.els1.x86_64.rpm
sha:20a4180ee750a670d5a7f9a61d7462b6b13777a9
libwinpr-devel-2.1.1-5.el7_9.tuxcare.els1.i686.rpm
sha:94f59674ab24dbdd9a6d3daea4cc1552e89dd847
libwinpr-devel-2.1.1-5.el7_9.tuxcare.els1.x86_64.rpm
sha:ca7d779ee67169aabea9510c2f6b481580051247

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.