This update for freerdp fixes the following issues:
* CVE-2023-39350: Fixed incorrect offset calculation leading to DoS (bsc#1214856).
* CVE-2023-39351: Fixed Null Pointer Dereference leading to DoS in RemoteFX (bsc#1214857).
* CVE-2023-39352: Fixed Invalid offset validation leading to Out Of Bound Write (bsc#1214858).
* CVE-2023-39353: Fixed Missing offset validation leading to Out Of Bound Read (bsc#1214859).
* CVE-2023-39354: Fixed Out-Of-Bounds Read in nsc_rle_decompress_data (bsc#1214860).
* CVE-2023-39356: Fixed Missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (bsc#1214862).
* CVE-2023-40181: Fixed Integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (bsc#1214863).
* CVE-2023-40186: Fixed Integer Overflow leading to Out-Of-Bound Write Vulnerability in gdi_CreateSurface (bsc#1214864).
* CVE-2023-40188: Fixed Out-Of-Bounds Read in general_LumaToYUV444 (bsc#1214866).
*...
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4893=1 SUSE-2023-4893=1
* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2023-4893=1
* SUSE Package Hub 15 15-SP4
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-4893=1
* SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-4893=1
* SUSE Linux Enterprise Workstation Extension 15 SP4
  zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-4893=1
* SUSE Linux Enterprise Workstation Extension 15 SP5
  zypper in -t patch SUSE-SLE-Product-WE-15-SP5-2023-4893=1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
  * libwinpr2-2.4.0-150400.3.23.1
  * freerdp-server-debuginfo-2.4.0-150400.3.23.1
  * libwinpr2-debuginfo-2.4.0-150400.3.23.1
  * libfreerdp2-2.4.0-150400.3.23.1
  * freerdp-devel-2.4.0-150400.3.23.1
  * freerdp-debugsource-2.4.0-150400.3.23.1
  * libuwac0-0-2.4.0-150400.3.23.1
  * freerdp-debuginfo-2.4.0-150400.3.23.1
  * uwac0-0-devel-2.4.0-150400.3.23.1
  * libuwac0-0-debuginfo-2.4.0-150400.3.23.1
  * freerdp-wayland-2.4.0-150400.3.23.1
  * freerdp-proxy-2.4.0-150400.3.23.1
  * freerdp-server-2.4.0-150400.3.23.1
  * freerdp-2.4.0-150400.3.23.1
  * winpr2-devel-2.4.0-150400.3.23.1
  * freerdp-wayland-debuginfo-2.4.0-150400.3.23.1
  * libfreerdp2-debuginfo-2.4.0-150400.3.23.1
  * freerdp-proxy-debuginfo-2.4.0-150400.3.23.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  * libwinpr2-2.4.0-150400.3.23.1
  * freerdp-server-debuginfo-2.4.0-150400.3.23.1
  * libwinpr2-debuginfo-2.4.0-150400.3.23.1
  * libfreerdp2-2.4.0-150400.3.23.1
  * freerdp-devel-2.4.0-150400.3.23.1
*...
* bsc#1214856
* bsc#1214857
* bsc#1214858
* bsc#1214859
* bsc#1214860
* bsc#1214862
* bsc#1214863
* bsc#1214864
* bsc#1214866
* bsc#1214867
* bsc#1214868
* bsc#1214869
* bsc#1214870
* bsc#1214871
* bsc#1214872
## References:
* https://www.suse.com/security/cve/CVE-2023-39350.html
* https://www.suse.com/security/cve/CVE-2023-39351.html
* https://www.suse.com/security/cve/CVE-2023-39352.html
* https://www.suse.com/security/cve/CVE-2023-39353.html
* https://www.suse.com/security/cve/CVE-2023-39354.html
* https://www.suse.com/security/cve/CVE-2023-39356.html
* https://www.suse.com/security/cve/CVE-2023-40181.html
* https://www.suse.com/security/cve/CVE-2023-40186.html
* https://www.suse.com/security/cve/CVE-2023-40188.html
* https://www.suse.com/security/cve/CVE-2023-40567.html
* https://www.suse.com/security/cve/CVE-2023-40569.html
* https://www.suse.com/security/cve/CVE-2023-40574.html
* https://www.suse.com/security/cve/CVE-2023-40575.html
* https://www.suse.com/security/cve/CVE-2023-40576.html
*...