freerdp-3.4.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13815 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z freerdp-3.4.0-1.1 on GA media These are all security issues fixed in the freerdp-3.4.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13815 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13815 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-40574/ SUSE CVE CVE-2023-40574 page https://www.suse.com/security/cve/CVE-2023-40575/ SUSE CVE CVE-2023-40575 page https://www.suse.com/security/cve/CVE-2023-40576/ SUSE CVE CVE-2023-40576 page openSUSE Tumbleweed freerdp-3.4.0-1.1 freerdp-devel-3.4.0-1.1 freerdp-proxy-3.4.0-1.1 freerdp-proxy-plugins-3.4.0-1.1 freerdp-sdl-3.4.0-1.1 freerdp-server-3.4.0-1.1 freerdp-wayland-3.4.0-1.1 libfreerdp-server-proxy3-3-3.4.0-1.1 libfreerdp3-3-3.4.0-1.1 librdtk0-0-3.4.0-1.1 libuwac0-0-3.4.0-1.1 libwinpr3-3-3.4.0-1.1 rdtk0-devel-3.4.0-1.1 uwac0-devel-3.4.0-1.1 winpr-devel-3.4.0-1.1 freerdp-3.4.0-1.1 as a component of openSUSE Tumbleweed freerdp-devel-3.4.0-1.1 as a component of openSUSE Tumbleweed freerdp-proxy-3.4.0-1.1 as a component of openSUSE Tumbleweed freerdp-proxy-plugins-3.4.0-1.1 as a component of openSUSE Tumbleweed freerdp-sdl-3.4.0-1.1 as a component of openSUSE Tumbleweed freerdp-server-3.4.0-1.1 as a component of openSUSE Tumbleweed freerdp-wayland-3.4.0-1.1 as a component of openSUSE Tumbleweed libfreerdp-server-proxy3-3-3.4.0-1.1 as a component of openSUSE Tumbleweed libfreerdp3-3-3.4.0-1.1 as a component of openSUSE Tumbleweed librdtk0-0-3.4.0-1.1 as a component of openSUSE Tumbleweed libuwac0-0-3.4.0-1.1 as a component of openSUSE Tumbleweed libwinpr3-3-3.4.0-1.1 as a component of openSUSE Tumbleweed rdtk0-devel-3.4.0-1.1 as a component of openSUSE Tumbleweed uwac0-devel-3.4.0-1.1 as a component of openSUSE Tumbleweed winpr-devel-3.4.0-1.1 as a component of openSUSE Tumbleweed FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `writePixelBGRX` function. This issue is likely down to incorrect calculations of the `nHeight` and `srcStep` variables. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. CVE-2023-40574 openSUSE Tumbleweed:freerdp-3.4.0-1.1 openSUSE Tumbleweed:freerdp-devel-3.4.0-1.1 openSUSE Tumbleweed:freerdp-proxy-3.4.0-1.1 openSUSE Tumbleweed:freerdp-proxy-plugins-3.4.0-1.1 openSUSE Tumbleweed:freerdp-sdl-3.4.0-1.1 openSUSE Tumbleweed:freerdp-server-3.4.0-1.1 openSUSE Tumbleweed:freerdp-wayland-3.4.0-1.1 openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.4.0-1.1 openSUSE Tumbleweed:libfreerdp3-3-3.4.0-1.1 openSUSE Tumbleweed:librdtk0-0-3.4.0-1.1 openSUSE Tumbleweed:libuwac0-0-3.4.0-1.1 openSUSE Tumbleweed:libwinpr3-3-3.4.0-1.1 openSUSE Tumbleweed:rdtk0-devel-3.4.0-1.1 openSUSE Tumbleweed:uwac0-devel-3.4.0-1.1 openSUSE Tumbleweed:winpr-devel-3.4.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-40574.html CVE-2023-40574 https://bugzilla.suse.com/1214869 SUSE Bug 1214869 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_YUV444ToRGB_8u_P3AC4R_BGRX` function. This issue is likely down to insufficient data for the `pSrc` variable and results in crashes. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. CVE-2023-40575 openSUSE Tumbleweed:freerdp-3.4.0-1.1 openSUSE Tumbleweed:freerdp-devel-3.4.0-1.1 openSUSE Tumbleweed:freerdp-proxy-3.4.0-1.1 openSUSE Tumbleweed:freerdp-proxy-plugins-3.4.0-1.1 openSUSE Tumbleweed:freerdp-sdl-3.4.0-1.1 openSUSE Tumbleweed:freerdp-server-3.4.0-1.1 openSUSE Tumbleweed:freerdp-wayland-3.4.0-1.1 openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.4.0-1.1 openSUSE Tumbleweed:libfreerdp3-3-3.4.0-1.1 openSUSE Tumbleweed:librdtk0-0-3.4.0-1.1 openSUSE Tumbleweed:libuwac0-0-3.4.0-1.1 openSUSE Tumbleweed:libwinpr3-3-3.4.0-1.1 openSUSE Tumbleweed:rdtk0-devel-3.4.0-1.1 openSUSE Tumbleweed:uwac0-devel-3.4.0-1.1 openSUSE Tumbleweed:winpr-devel-3.4.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-40575.html CVE-2023-40575 https://bugzilla.suse.com/1214870 SUSE Bug 1214870 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `RleDecompress` function. This Out-Of-Bounds Read occurs because FreeRDP processes the `pbSrcBuffer` variable without checking if it contains data of sufficient length. Insufficient data in the `pbSrcBuffer` variable may cause errors or crashes. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. CVE-2023-40576 openSUSE Tumbleweed:freerdp-3.4.0-1.1 openSUSE Tumbleweed:freerdp-devel-3.4.0-1.1 openSUSE Tumbleweed:freerdp-proxy-3.4.0-1.1 openSUSE Tumbleweed:freerdp-proxy-plugins-3.4.0-1.1 openSUSE Tumbleweed:freerdp-sdl-3.4.0-1.1 openSUSE Tumbleweed:freerdp-server-3.4.0-1.1 openSUSE Tumbleweed:freerdp-wayland-3.4.0-1.1 openSUSE Tumbleweed:libfreerdp-server-proxy3-3-3.4.0-1.1 openSUSE Tumbleweed:libfreerdp3-3-3.4.0-1.1 openSUSE Tumbleweed:librdtk0-0-3.4.0-1.1 openSUSE Tumbleweed:libuwac0-0-3.4.0-1.1 openSUSE Tumbleweed:libwinpr3-3-3.4.0-1.1 openSUSE Tumbleweed:rdtk0-devel-3.4.0-1.1 openSUSE Tumbleweed:uwac0-devel-3.4.0-1.1 openSUSE Tumbleweed:winpr-devel-3.4.0-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-40576.html CVE-2023-40576 https://bugzilla.suse.com/1214871 SUSE Bug 1214871