
Fedora 40 FEDORA-2024-982a7184e0 Critical: FreeRDP2 Out-Of-Bounds

May 9, 2024
Essential patches for Fedora 40 freerdp2 have been released, targeting various vulnerabilities to fortify RDP security.

Summary

The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP project.

xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows machines, xrdp and VirtualBox.

Update Information:

Update to 2.11.7 (CVE-2024-32039, CVE-2024-32040, CVE-2024-32041, CVE-2024-32458, CVE-2024-32459, CVE-2024-32460, CVE-2024-32658, CVE-2024-32659, CVE-2024-32660, CVE-2024-32661, CVE-2024-32662)

Change Log

* Tue Apr 23 2024 Ondrej Holy - 2:2.11.7-1 - Update to 2.11.7

References


[ 1 ] Bug #2276721 - CVE-2024-32459 freerdp: out-of-bounds read in ncrush_decompress
      https://bugzilla.redhat.com/show_bug.cgi?id=2276721
[ 2 ] Bug #2276722 - CVE-2024-32460 freerdp: OutOfBound Read in interleaved_decompress
      https://bugzilla.redhat.com/show_bug.cgi?id=2276722
[ 3 ] Bug #2276723 - CVE-2024-32039 freerdp: Integer overflow & OutOfBound Write in clear_decompress_residual_data
      https://bugzilla.redhat.com/show_bug.cgi?id=2276723
[ 4 ] Bug #2276724 - CVE-2024-32040 freerdp: integer underflow in nsc_rle_decode
      https://bugzilla.redhat.com/show_bug.cgi?id=2276724
[ 5 ] Bug #2276725 - CVE-2024-32041 freerdp: OutOfBound Read in zgfx_decompress_segment
      https://bugzilla.redhat.com/show_bug.cgi?id=2276725
[ 6 ] Bug #2276726 - CVE-2024-32458 freerdp: OutOfBound Read in planar_skip_plane_rle
      https://bugzilla.redhat.com/show_bug.cgi?id=2276726
[ 7 ] Bug #2276804 - CVE-2024-32662 freerdp: out-of-bounds read ...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-982a7184e0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical

Name: freerdp2
Product: Fedora 40
Version: 2.11.7
Release: 1.fc40
Summary: Free implementation of the Remote Desktop Protocol (RDP)
