
SUSE: 2023:4893-1 moderate: freerdp DoS and Out-Of-Bounds

December 18, 2023
Mitigate exposure to medium-level threats in freerdp using SUSE's July 2023 update to improve the comprehensive security framework.
* bsc#1214856 * bsc#1214857 * bsc#1214858 * bsc#1214859 * bsc#1214860

Summary

This update for freerdp fixes the following issues:

* CVE-2023-39350: Fixed incorrect offset calculation leading to DoS (bsc#1214856).

* CVE-2023-39351: Fixed Null Pointer Dereference leading to DoS in RemoteFX (bsc#1214857).

* CVE-2023-39352: Fixed Invalid offset validation leading to Out Of Bound Write (bsc#1214858).

* CVE-2023-39353: Fixed Missing offset validation leading to Out Of Bound Read (bsc#1214859).

* CVE-2023-39354: Fixed Out-Of-Bounds Read in nsc_rle_decompress_data (bsc#1214860).

* CVE-2023-39356: Fixed Missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (bsc#1214862).

* CVE-2023-40181: Fixed Integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (bsc#1214863).

References

* bsc#1214856

* bsc#1214857

* bsc#1214858

* bsc#1214859

* bsc#1214860

* bsc#1214862

* bsc#1214863

* bsc#1214864

* bsc#1214866

* bsc#1214867

* bsc#1214868

* bsc#1214869

* bsc#1214870

* bsc#1214871

* bsc#1214872

Cross-References

* CVE-2023-39350

* CVE-2023-39351

* CVE-2023-39352

* CVE-2023-39353

* CVE-2023-39354

* CVE-2023-39356

* CVE-2023-40181

* CVE-2023-40186

* CVE-2023-40188

* CVE-2023-40567

* CVE-2023-40569

* CVE-2023-40574

* CVE-2023-40575

* CVE-2023-40576

* CVE-2023-40589

CVSS scores:

* CVE-2023-39350 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-39350 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-39351 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2023-39351 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Announcement ID: SUSE-SU-2023:4893-1
Rating: moderate
