freerdp-2.9.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12523 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z freerdp-2.9.0-1.1 on GA media These are all security issues fixed in the freerdp-2.9.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12523 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12523 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-39316/ SUSE CVE CVE-2022-39316 page https://www.suse.com/security/cve/CVE-2022-39320/ SUSE CVE CVE-2022-39320 page openSUSE Tumbleweed freerdp-2.9.0-1.1 freerdp-devel-2.9.0-1.1 freerdp-proxy-2.9.0-1.1 freerdp-server-2.9.0-1.1 freerdp-wayland-2.9.0-1.1 libfreerdp2-2-2.9.0-1.1 libuwac0-0-2.9.0-1.1 libwinpr2-2-2.9.0-1.1 uwac0-0-devel-2.9.0-1.1 winpr-devel-2.9.0-1.1 freerdp-2.9.0-1.1 as a component of openSUSE Tumbleweed freerdp-devel-2.9.0-1.1 as a component of openSUSE Tumbleweed freerdp-proxy-2.9.0-1.1 as a component of openSUSE Tumbleweed freerdp-server-2.9.0-1.1 as a component of openSUSE Tumbleweed freerdp-wayland-2.9.0-1.1 as a component of openSUSE Tumbleweed libfreerdp2-2-2.9.0-1.1 as a component of openSUSE Tumbleweed libuwac0-0-2.9.0-1.1 as a component of openSUSE Tumbleweed libwinpr2-2-2.9.0-1.1 as a component of openSUSE Tumbleweed uwac0-0-devel-2.9.0-1.1 as a component of openSUSE Tumbleweed winpr-devel-2.9.0-1.1 as a component of openSUSE Tumbleweed FreeRDP is a free remote desktop protocol library and clients. In affected versions there is an out of bound read in ZGFX decoder component of FreeRDP. A malicious server can trick a FreeRDP based client to read out of bound data and try to decode it likely resulting in a crash. This issue has been addressed in the 2.9.0 release. Users are advised to upgrade. CVE-2022-39316 openSUSE Tumbleweed:freerdp-2.9.0-1.1 openSUSE Tumbleweed:freerdp-devel-2.9.0-1.1 openSUSE Tumbleweed:freerdp-proxy-2.9.0-1.1 openSUSE Tumbleweed:freerdp-server-2.9.0-1.1 openSUSE Tumbleweed:freerdp-wayland-2.9.0-1.1 openSUSE Tumbleweed:libfreerdp2-2-2.9.0-1.1 openSUSE Tumbleweed:libuwac0-0-2.9.0-1.1 openSUSE Tumbleweed:libwinpr2-2-2.9.0-1.1 openSUSE Tumbleweed:uwac0-0-devel-2.9.0-1.1 openSUSE Tumbleweed:winpr-devel-2.9.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-39316.html CVE-2022-39316 https://bugzilla.suse.com/1205512 SUSE Bug 1205512 FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP may attempt integer addition on too narrow types leads to allocation of a buffer too small holding the data written. A malicious server can trick a FreeRDP based client to read out of bound data and send it back to the server. This issue has been addressed in version 2.9.0 and all users are advised to upgrade. Users unable to upgrade should not use the `/usb` redirection switch. CVE-2022-39320 openSUSE Tumbleweed:freerdp-2.9.0-1.1 openSUSE Tumbleweed:freerdp-devel-2.9.0-1.1 openSUSE Tumbleweed:freerdp-proxy-2.9.0-1.1 openSUSE Tumbleweed:freerdp-server-2.9.0-1.1 openSUSE Tumbleweed:freerdp-wayland-2.9.0-1.1 openSUSE Tumbleweed:libfreerdp2-2-2.9.0-1.1 openSUSE Tumbleweed:libuwac0-0-2.9.0-1.1 openSUSE Tumbleweed:libwinpr2-2-2.9.0-1.1 openSUSE Tumbleweed:uwac0-0-devel-2.9.0-1.1 openSUSE Tumbleweed:winpr-devel-2.9.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-39320.html CVE-2022-39320