libpainter0-0.9.20-4.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12602-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libpainter0-0.9.20-4.1 on GA media These are all security issues fixed in the libpainter0-0.9.20-4.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12602 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-23468/ SUSE CVE CVE-2022-23468 page https://www.suse.com/security/cve/CVE-2022-23477/ SUSE CVE CVE-2022-23477 page https://www.suse.com/security/cve/CVE-2022-23478/ SUSE CVE CVE-2022-23478 page https://www.suse.com/security/cve/CVE-2022-23479/ SUSE CVE CVE-2022-23479 page https://www.suse.com/security/cve/CVE-2022-23480/ SUSE CVE CVE-2022-23480 page https://www.suse.com/security/cve/CVE-2022-23481/ SUSE CVE CVE-2022-23481 page https://www.suse.com/security/cve/CVE-2022-23482/ SUSE CVE CVE-2022-23482 page https://www.suse.com/security/cve/CVE-2022-23483/ SUSE CVE CVE-2022-23483 page https://www.suse.com/security/cve/CVE-2022-23484/ SUSE CVE CVE-2022-23484 page https://www.suse.com/security/cve/CVE-2022-23493/ SUSE CVE CVE-2022-23493 page openSUSE Tumbleweed libpainter0-0.9.20-4.1 librfxencode0-0.9.20-4.1 xrdp-0.9.20-4.1 xrdp-devel-0.9.20-4.1 libpainter0-0.9.20-4.1 as a component of openSUSE Tumbleweed librfxencode0-0.9.20-4.1 as a component of openSUSE Tumbleweed xrdp-0.9.20-4.1 as a component of openSUSE Tumbleweed xrdp-devel-0.9.20-4.1 as a component of openSUSE Tumbleweed xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function. There are no known workarounds for this issue. Users are advised to upgrade. CVE-2022-23468 openSUSE Tumbleweed:libpainter0-0.9.20-4.1 openSUSE Tumbleweed:librfxencode0-0.9.20-4.1 openSUSE Tumbleweed:xrdp-0.9.20-4.1 openSUSE Tumbleweed:xrdp-devel-0.9.20-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-23468.html CVE-2022-23468 https://bugzilla.suse.com/1206300 SUSE Bug 1206300 xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in audin_send_open() function. There are no known workarounds for this issue. Users are advised to upgrade. CVE-2022-23477 openSUSE Tumbleweed:libpainter0-0.9.20-4.1 openSUSE Tumbleweed:librfxencode0-0.9.20-4.1 openSUSE Tumbleweed:xrdp-0.9.20-4.1 openSUSE Tumbleweed:xrdp-devel-0.9.20-4.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-23477.html CVE-2022-23477 https://bugzilla.suse.com/1206301 SUSE Bug 1206301 xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known workarounds for this issue. Users are advised to upgrade. CVE-2022-23478 openSUSE Tumbleweed:libpainter0-0.9.20-4.1 openSUSE Tumbleweed:librfxencode0-0.9.20-4.1 openSUSE Tumbleweed:xrdp-0.9.20-4.1 openSUSE Tumbleweed:xrdp-devel-0.9.20-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-23478.html CVE-2022-23478 https://bugzilla.suse.com/1206302 SUSE Bug 1206302 xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_mm_chan_data_in() function. There are no known workarounds for this issue. Users are advised to upgrade. CVE-2022-23479 openSUSE Tumbleweed:libpainter0-0.9.20-4.1 openSUSE Tumbleweed:librfxencode0-0.9.20-4.1 openSUSE Tumbleweed:xrdp-0.9.20-4.1 openSUSE Tumbleweed:xrdp-devel-0.9.20-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-23479.html CVE-2022-23479 https://bugzilla.suse.com/1206303 SUSE Bug 1206303 xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in devredir_proc_client_devlist_announce_req() function. There are no known workarounds for this issue. Users are advised to upgrade. CVE-2022-23480 openSUSE Tumbleweed:libpainter0-0.9.20-4.1 openSUSE Tumbleweed:librfxencode0-0.9.20-4.1 openSUSE Tumbleweed:xrdp-0.9.20-4.1 openSUSE Tumbleweed:xrdp-devel-0.9.20-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-23480.html CVE-2022-23480 https://bugzilla.suse.com/1206306 SUSE Bug 1206306 xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_caps_process_confirm_active() function. There are no known workarounds for this issue. Users are advised to upgrade. CVE-2022-23481 openSUSE Tumbleweed:libpainter0-0.9.20-4.1 openSUSE Tumbleweed:librfxencode0-0.9.20-4.1 openSUSE Tumbleweed:xrdp-0.9.20-4.1 openSUSE Tumbleweed:xrdp-devel-0.9.20-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-23481.html CVE-2022-23481 https://bugzilla.suse.com/1206307 SUSE Bug 1206307 xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE() function. There are no known workarounds for this issue. Users are advised to upgrade. CVE-2022-23482 openSUSE Tumbleweed:libpainter0-0.9.20-4.1 openSUSE Tumbleweed:librfxencode0-0.9.20-4.1 openSUSE Tumbleweed:xrdp-0.9.20-4.1 openSUSE Tumbleweed:xrdp-devel-0.9.20-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-23482.html CVE-2022-23482 https://bugzilla.suse.com/1206310 SUSE Bug 1206310 xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade. CVE-2022-23483 openSUSE Tumbleweed:libpainter0-0.9.20-4.1 openSUSE Tumbleweed:librfxencode0-0.9.20-4.1 openSUSE Tumbleweed:xrdp-0.9.20-4.1 openSUSE Tumbleweed:xrdp-devel-0.9.20-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-23483.html CVE-2022-23483 https://bugzilla.suse.com/1206311 SUSE Bug 1206311 xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Integer Overflow in xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users are advised to upgrade. CVE-2022-23484 openSUSE Tumbleweed:libpainter0-0.9.20-4.1 openSUSE Tumbleweed:librfxencode0-0.9.20-4.1 openSUSE Tumbleweed:xrdp-0.9.20-4.1 openSUSE Tumbleweed:xrdp-devel-0.9.20-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-23484.html CVE-2022-23484 https://bugzilla.suse.com/1206312 SUSE Bug 1206312 xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_mm_trans_process_drdynvc_channel_close() function. There are no known workarounds for this issue. Users are advised to upgrade. CVE-2022-23493 openSUSE Tumbleweed:libpainter0-0.9.20-4.1 openSUSE Tumbleweed:librfxencode0-0.9.20-4.1 openSUSE Tumbleweed:xrdp-0.9.20-4.1 openSUSE Tumbleweed:xrdp-devel-0.9.20-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-23493.html CVE-2022-23493 https://bugzilla.suse.com/1206313 SUSE Bug 1206313