freerdp2-devel-2.11.5-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13816-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z freerdp2-devel-2.11.5-1.1 on GA media These are all security issues fixed in the freerdp2-devel-2.11.5-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13816 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2014-0250/ SUSE CVE CVE-2014-0250 page https://www.suse.com/security/cve/CVE-2014-0791/ SUSE CVE CVE-2014-0791 page https://www.suse.com/security/cve/CVE-2023-40574/ SUSE CVE CVE-2023-40574 page https://www.suse.com/security/cve/CVE-2023-40575/ SUSE CVE CVE-2023-40575 page https://www.suse.com/security/cve/CVE-2023-40576/ SUSE CVE CVE-2023-40576 page openSUSE Tumbleweed freerdp2-devel-2.11.5-1.1 freerdp2-proxy-2.11.5-1.1 freerdp2-server-2.11.5-1.1 libfreerdp2-2-2.11.5-1.1 libwinpr2-2-2.11.5-1.1 winpr2-devel-2.11.5-1.1 freerdp2-devel-2.11.5-1.1 as a component of openSUSE Tumbleweed freerdp2-proxy-2.11.5-1.1 as a component of openSUSE Tumbleweed freerdp2-server-2.11.5-1.1 as a component of openSUSE Tumbleweed libfreerdp2-2-2.11.5-1.1 as a component of openSUSE Tumbleweed libwinpr2-2-2.11.5-1.1 as a component of openSUSE Tumbleweed winpr2-devel-2.11.5-1.1 as a component of openSUSE Tumbleweed Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP allow remote attackers to have an unspecified impact via the width and height to the (1) xf_Pointer_New or (2) xf_Bitmap_Decompress function, which causes an incorrect amount of memory to be allocated. CVE-2014-0250 openSUSE Tumbleweed:freerdp2-devel-2.11.5-1.1 openSUSE Tumbleweed:freerdp2-proxy-2.11.5-1.1 openSUSE Tumbleweed:freerdp2-server-2.11.5-1.1 openSUSE Tumbleweed:libfreerdp2-2-2.11.5-1.1 openSUSE Tumbleweed:libwinpr2-2-2.11.5-1.1 openSUSE Tumbleweed:winpr2-devel-2.11.5-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0250.html CVE-2014-0250 https://bugzilla.suse.com/880317 SUSE Bug 880317 https://bugzilla.suse.com/975218 SUSE Bug 975218 Integer overflow in the license_read_scope_list function in libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP servers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ScopeCount value in a Scope List in a Server License Request packet. CVE-2014-0791 openSUSE Tumbleweed:freerdp2-devel-2.11.5-1.1 openSUSE Tumbleweed:freerdp2-proxy-2.11.5-1.1 openSUSE Tumbleweed:freerdp2-server-2.11.5-1.1 openSUSE Tumbleweed:libfreerdp2-2-2.11.5-1.1 openSUSE Tumbleweed:libwinpr2-2-2.11.5-1.1 openSUSE Tumbleweed:winpr2-devel-2.11.5-1.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-0791.html CVE-2014-0791 https://bugzilla.suse.com/857491 SUSE Bug 857491 https://bugzilla.suse.com/975218 SUSE Bug 975218 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `writePixelBGRX` function. This issue is likely down to incorrect calculations of the `nHeight` and `srcStep` variables. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. CVE-2023-40574 openSUSE Tumbleweed:freerdp2-devel-2.11.5-1.1 openSUSE Tumbleweed:freerdp2-proxy-2.11.5-1.1 openSUSE Tumbleweed:freerdp2-server-2.11.5-1.1 openSUSE Tumbleweed:libfreerdp2-2-2.11.5-1.1 openSUSE Tumbleweed:libwinpr2-2-2.11.5-1.1 openSUSE Tumbleweed:winpr2-devel-2.11.5-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-40574.html CVE-2023-40574 https://bugzilla.suse.com/1214869 SUSE Bug 1214869 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_YUV444ToRGB_8u_P3AC4R_BGRX` function. This issue is likely down to insufficient data for the `pSrc` variable and results in crashes. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. CVE-2023-40575 openSUSE Tumbleweed:freerdp2-devel-2.11.5-1.1 openSUSE Tumbleweed:freerdp2-proxy-2.11.5-1.1 openSUSE Tumbleweed:freerdp2-server-2.11.5-1.1 openSUSE Tumbleweed:libfreerdp2-2-2.11.5-1.1 openSUSE Tumbleweed:libwinpr2-2-2.11.5-1.1 openSUSE Tumbleweed:winpr2-devel-2.11.5-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-40575.html CVE-2023-40575 https://bugzilla.suse.com/1214870 SUSE Bug 1214870 FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `RleDecompress` function. This Out-Of-Bounds Read occurs because FreeRDP processes the `pbSrcBuffer` variable without checking if it contains data of sufficient length. Insufficient data in the `pbSrcBuffer` variable may cause errors or crashes. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. CVE-2023-40576 openSUSE Tumbleweed:freerdp2-devel-2.11.5-1.1 openSUSE Tumbleweed:freerdp2-proxy-2.11.5-1.1 openSUSE Tumbleweed:freerdp2-server-2.11.5-1.1 openSUSE Tumbleweed:libfreerdp2-2-2.11.5-1.1 openSUSE Tumbleweed:libwinpr2-2-2.11.5-1.1 openSUSE Tumbleweed:winpr2-devel-2.11.5-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-40576.html CVE-2023-40576 https://bugzilla.suse.com/1214871 SUSE Bug 1214871