freerdp-2.11.2-1.el9
エラータID: AXSA:2024-7888:01
以下項目について対処しました。
[Security Fix]
- FreeRDP には、データ長のチェック処理の不備に起因した
整数アンダーフローの問題があるため、リモートの攻撃者に
より、サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2023-39350)
- FreeRDP の RemoteFX 処理の rfx_process_message_tileset()
関数には、NULL ポインタデリファレンスの問題があるため、
リモートの攻撃者により、サービス拒否攻撃 (クラッシュの
発生) を可能とする脆弱性が存在します。(CVE-2023-39351)
- FreeRDP には、内部変数のチェック処理の不備に起因した
メモリ領域の範囲外書き込みの問題があるため、リモートの
攻撃者により、サービス拒否攻撃 (クラッシュの発生) を可能
とする脆弱性が存在します。(CVE-2023-39352)
- FreeRDP の libfreerdp/codec/rfx.c には、オフセットの
チェック処理の欠落に起因したメモリ領域の範囲外読み取り
の問題があるため、リモートの攻撃者により、細工された入力
を介して、サービス拒否攻撃 (クラッシュの発生) を可能とする
脆弱性が存在します。(CVE-2023-39353)
- FreeRDP の nsc_rle_decompress_data() 関数には、データ長
の検証処理の欠落に起因したメモリ領域の範囲外読み取りの
問題があるため、リモートの攻撃者により、サービス拒否攻撃
(クラッシュの発生) を可能とする脆弱性が存在します。
(CVE-2023-39354)
- FreeRDP の gdi_multi_opaque_rect() 関数には、内部変数の
チェック処理の欠落に起因したメモリ領域の範囲外読み取りの
問題があるため、リモートの攻撃者により、サービス拒否攻撃
(クラッシュの発生) を可能とする脆弱性が存在します。
(CVE-2023-39356)
- FreeRDP の zgfx_decompress_segment() 関数には、整数
アンダーフローに起因するメモリ領域の範囲外読み取りの問題
があるため、リモートの攻撃者により、サービス拒否攻撃を
可能とする脆弱性が存在します。(CVE-2023-40181)
- FreeRDP の gdi_CreateSurface() 関数には、整数オーバー
フローに起因するメモリ領域の範囲外書き込みの問題がある
ため、リモートの攻撃者により、メモリ破壊を可能とする
脆弱性が存在します。(CVE-2023-40186)
- FreeRDP の general_LumaToYUV444() 関数には、データ長
のチェック処理の不備に起因したメモリ領域の範囲外読み取り
の問題があるため、リモートの攻撃者により、サービス拒否
攻撃 (クラッシュの発生) を可能とする脆弱性が存在します。
(CVE-2023-40188)
- FreeRDP の clear_decompress_bands_data() 関数には、
オフセットの検証漏れに起因したメモリ領域の範囲外書き
込みの問題があるため、リモートの攻撃者により、メモリ
破壊を可能とする脆弱性が存在します。(CVE-2023-40567)
- FreeRDP の progressive_decompress() 関数には、内部
変数の計算不備に起因するメモリ領域の範囲外書き込みの
問題があるため、リモートの攻撃者により、メモリ破壊、
およびサービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2023-40569)
- FreeRDP の ncrush_decompress() 関数には、バッファー
オーバーフローの問題があるため、リモートの攻撃者により、
細工された入力を介して、サービス拒否攻撃 (クラッシュの
発生) を可能とする脆弱性が存在します。(CVE-2023-40589)
パッケージをアップデートしてください。
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numTiles. If the initialization process of tiles is not completed for various reasons, tiles will have a NULL pointer. Which may be accessed in further processing and would cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and `surface->height`. eg. `rect->left` == `surface->width` && `rect->top` == `surface->height`. In practice this should cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result crafted input can lead to an out of bounds read access which in turn will cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->`numRectangles without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.
N/A
SRPMS
- freerdp-2.11.2-1.el9.src.rpm
MD5: b4a0889d93cd978e88d6a268791d82c6
SHA-256: 3ae814e526a2e1d18df25953762be30d45138f371c1f7a1854932fdf314598fd
Size: 6.99 MB
Asianux Server 9 for x86_64
- freerdp-2.11.2-1.el9.x86_64.rpm
MD5: 882dcf30b2b5d8592eb5accb980af45b
SHA-256: 738c19b666aebd128f2643cf30a49ab91b4932d067f22771179130401cc40f31
Size: 112.19 kB - freerdp-devel-2.11.2-1.el9.i686.rpm
MD5: 119bab898dc32452cd9e1033b1a74344
SHA-256: 776367c2a171ce985d530dfb90a7714669070396ae72890308357ac955fe81b4
Size: 138.14 kB - freerdp-devel-2.11.2-1.el9.x86_64.rpm
MD5: 4f189c48b9ab3ce7035ca5e7ecf615ec
SHA-256: 6b63840e88f4b11654451f667709e5998597c37c4cc441ae994602fdb9f45b24
Size: 138.14 kB - freerdp-libs-2.11.2-1.el9.i686.rpm
MD5: 53bd827da3423d8d7a27b52568bba5f4
SHA-256: 1fdf10a0c6588a05d76eb53b85bdbf5b78b7c9f5672e81e45e9df4d3898f42c4
Size: 842.09 kB - freerdp-libs-2.11.2-1.el9.x86_64.rpm
MD5: 6c7a8758959a4dc74ede7a13560856b5
SHA-256: f8c206a22bb54c26dae6902793a9a21486c6ae69aecc5f4c7ec6925a6d35171d
Size: 892.88 kB - libwinpr-2.11.2-1.el9.i686.rpm
MD5: 412e018535495ec4f3e1566686bc530c
SHA-256: 5174c7f1f0bad3fb1de1ef364a613e43df90a9f3c2af40ca36f33434568ef43d
Size: 340.08 kB - libwinpr-2.11.2-1.el9.x86_64.rpm
MD5: cebeeee1f48f6abe4fe7765ac3f809ad
SHA-256: 2ff6406074997761ea9c6375ba90f1b0df38c2afe1d13cbcdf19d2253f208e3c
Size: 355.15 kB - libwinpr-devel-2.11.2-1.el9.i686.rpm
MD5: 9b823a495fcbdac6c897d63dddbe24e3
SHA-256: 717d8aba3aeb11f3c869790b0b3b262e4af418ee62d5b92efa30a2395197efa8
Size: 163.55 kB - libwinpr-devel-2.11.2-1.el9.x86_64.rpm
MD5: 960b578b4b1a1fd91ef474a7af8508ad
SHA-256: 3a8ee33c8d2073714782102928dfacbdcce965c55c454872fb407ddf8435809b
Size: 163.58 kB