freerdp-2.1.1-5.0.3.el7.AXS7
Errata ID: AXSA:2025-9718:01
FreeRDP is a fork of the rdesktop project.
Security fix(es):
- CVE-2024-32458: fix missing input length checks
- CVE-2024-32459: fix missing input length check
- CVE-2024-32460: fix out-of-bound read in interleaved_decompress
- CVE-2024-32039: fix integer overflow
- CVE-2024-32040: fix missing check
- CVE-2024-32041: fix integer overflow
CVE(s):
CVE-2024-32039
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default).
CVE-2024-32040
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`).
CVE-2024-32041
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/bpp` or `/rfx` options instead).
CVE-2024-32458
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by default, require server side support).
CVE-2024-32459
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available.
CVE-2024-32460
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The workaround requires server side support.
CVE-2024-32659
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
CVE-2024-32660
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending an invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
CVE-2024-32661
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
Update packages.
N/A
Asianux Server 7 for x86_64
- freerdp-2.1.1-5.0.3.el7.AXS7.x86_64.rpm
MD5: 7ca4f6fa7e8ad0d299acdeade194848c
SHA-256: 5bcfd2f86fa1bac9f51c9bbaa8a18796d09dc923d09875ee045afe2223018978
Size: 105.70 kB
- freerdp-libs-2.1.1-5.0.3.el7.AXS7.i686.rpm
MD5: 9a992aee4b13541761300405e23308fc
SHA-256: a81e3cd5609d6bfc0bd41cd8d206341082f1f05e4c0c173cbfe6e24f1b829f51
Size: 820.76 kB
- freerdp-libs-2.1.1-5.0.3.el7.AXS7.x86_64.rpm
MD5: b03f31f35e5949f619c629ddb0211f15
SHA-256: 294715743b50f761cf6c82ef3799e30b1dd596fad9faa9f6a8ce6f1b2ec14ce4
Size: 866.35 kB
- libwinpr-2.1.1-5.0.3.el7.AXS7.i686.rpm
MD5: 0e24123647d0e3a55f853a845c2ebd44
SHA-256: d16728cb4c23535377879f625f39cfad6432f987f513cf806b78369926635781
Size: 333.86 kB
- libwinpr-2.1.1-5.0.3.el7.AXS7.x86_64.rpm
MD5: e72ac302b65a89b2336e889455a4c690
SHA-256: 560d97468eec31a849c1dde4e5240f929ad3cc30f328aa8f4af67e25fa370299
Size: 347.11 kB
- libwinpr-devel-2.1.1-5.0.3.el7.AXS7.i686.rpm
MD5: 4a811f936cb3e642febdb512bce1296d
SHA-256: 2d52c5c1ad2c16fc990ced72168dda25488be98afc01e3e85008731f896602a8
Size: 169.42 kB
- libwinpr-devel-2.1.1-5.0.3.el7.AXS7.x86_64.rpm
MD5: eac6b9b3d3f46bab2ad6a4ff885d06b9
SHA-256: 6e893610c5d7931d4675a8988eadf35dfb21b9805ee801f7530524ae31fad33b
Size: 169.41 kB