freerdp2-devel-2.11.5-3.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13994-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z freerdp2-devel-2.11.5-3.1 on GA media These are all security issues fixed in the freerdp2-devel-2.11.5-3.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13994 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-32658/ SUSE CVE CVE-2024-32658 page https://www.suse.com/security/cve/CVE-2024-32659/ SUSE CVE CVE-2024-32659 page https://www.suse.com/security/cve/CVE-2024-32660/ SUSE CVE CVE-2024-32660 page https://www.suse.com/security/cve/CVE-2024-32661/ SUSE CVE CVE-2024-32661 page openSUSE Tumbleweed freerdp2-devel-2.11.5-3.1 freerdp2-proxy-2.11.5-3.1 freerdp2-server-2.11.5-3.1 libfreerdp2-2-2.11.5-3.1 libwinpr2-2-2.11.5-3.1 winpr2-devel-2.11.5-3.1 freerdp2-devel-2.11.5-3.1 as a component of openSUSE Tumbleweed freerdp2-proxy-2.11.5-3.1 as a component of openSUSE Tumbleweed freerdp2-server-2.11.5-3.1 as a component of openSUSE Tumbleweed libfreerdp2-2-2.11.5-3.1 as a component of openSUSE Tumbleweed libwinpr2-2-2.11.5-3.1 as a component of openSUSE Tumbleweed winpr2-devel-2.11.5-3.1 as a component of openSUSE Tumbleweed FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available. CVE-2024-32658 openSUSE Tumbleweed:freerdp2-devel-2.11.5-3.1 openSUSE Tumbleweed:freerdp2-proxy-2.11.5-3.1 openSUSE Tumbleweed:freerdp2-server-2.11.5-3.1 openSUSE Tumbleweed:libfreerdp2-2-2.11.5-3.1 openSUSE Tumbleweed:libwinpr2-2-2.11.5-3.1 openSUSE Tumbleweed:winpr2-devel-2.11.5-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-32658.html CVE-2024-32658 https://bugzilla.suse.com/1223353 SUSE Bug 1223353 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available. CVE-2024-32659 openSUSE Tumbleweed:freerdp2-devel-2.11.5-3.1 openSUSE Tumbleweed:freerdp2-proxy-2.11.5-3.1 openSUSE Tumbleweed:freerdp2-server-2.11.5-3.1 openSUSE Tumbleweed:libfreerdp2-2-2.11.5-3.1 openSUSE Tumbleweed:libwinpr2-2-2.11.5-3.1 openSUSE Tumbleweed:winpr2-devel-2.11.5-3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-32659.html CVE-2024-32659 https://bugzilla.suse.com/1223346 SUSE Bug 1223346 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available. CVE-2024-32660 openSUSE Tumbleweed:freerdp2-devel-2.11.5-3.1 openSUSE Tumbleweed:freerdp2-proxy-2.11.5-3.1 openSUSE Tumbleweed:freerdp2-server-2.11.5-3.1 openSUSE Tumbleweed:libfreerdp2-2-2.11.5-3.1 openSUSE Tumbleweed:libwinpr2-2-2.11.5-3.1 openSUSE Tumbleweed:winpr2-devel-2.11.5-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-32660.html CVE-2024-32660 https://bugzilla.suse.com/1223347 SUSE Bug 1223347 FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available. CVE-2024-32661 openSUSE Tumbleweed:freerdp2-devel-2.11.5-3.1 openSUSE Tumbleweed:freerdp2-proxy-2.11.5-3.1 openSUSE Tumbleweed:freerdp2-server-2.11.5-3.1 openSUSE Tumbleweed:libfreerdp2-2-2.11.5-3.1 openSUSE Tumbleweed:libwinpr2-2-2.11.5-3.1 openSUSE Tumbleweed:winpr2-devel-2.11.5-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-32661.html CVE-2024-32661 https://bugzilla.suse.com/1223348 SUSE Bug 1223348