freerdp-2.11.7-1.el9_7.6
Errata ID: AXSA:2026-461:14
Release date:
2026/04/19 Sunday - 13:18
Title:
freerdp-2.11.7-1.el9_7.6
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- FreeRDP contains an integer overflow issue that allows a remote
attacker to cause a denial of service (DoS).
(CVE-2026-33983)
- FreeRDP contains a flaw in its buffer size calculation that
allows a remote attacker to execute arbitrary code.
(CVE-2026-33984)
Solution:
Update the packages.
CVE:
CVE-2026-33983
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressive_decompress_tile_upgrade() detects a mismatch via progressive_rfx_quant_cmp_equal() but only emits WLog_WARN; execution continues. The wrapped value (247) is used as a shift exponent, causing undefined behavior and an approximately 80 billion iteration loop (CPU DoS). This issue has been patched in version 3.24.2.
CVE-2026-33984
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resize_vbar_entry() in libfreerdp/codec/clear.c, vBarEntry->size is updated to vBarEntry->count before the winpr_aligned_recalloc() call. If realloc fails, size is inflated while pixels still points to the old, smaller buffer. On a subsequent call where count <= size (the inflated value), realloc is skipped. The caller then writes count * bpp bytes of attacker-controlled pixel data into the undersized buffer, causing a heap buffer overflow. This issue has been patched in version 3.24.2.
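The ordering problem described for CVE-2026-33984, as an added example that is not FreeRDP's code or its patch: a simplified C model in which `vbar_entry`, `model_realloc`, `fail_next_alloc`, `real_bytes`, `write_would_fit` and both `resize_*` functions are hypothetical names. It compares recording `size` before the allocation with recording it after, and checks the recorded capacity against the real one without performing any write.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of the entry in the advisory; not FreeRDP's own struct. */
typedef struct { uint32_t size, count; uint8_t *pixels; } vbar_entry;
static int fail_next_alloc = 0; /* hypothetical hook: force one allocation failure */
static size_t real_bytes = 0;   /* bytes actually backing pixels (model bookkeeping) */
static void *model_realloc(void *p, size_t n) {
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    void *q = realloc(p, n);
    if (q) real_bytes = n;
    return q;
}
/* Flawed order: size is raised before the allocation is known to succeed. */
static int resize_flawed(vbar_entry *e, uint32_t bpp) {
    if (e->count <= e->size) return 1;  /* "enough room": allocation skipped */
    e->size = e->count;
    uint8_t *tmp = model_realloc(e->pixels, (size_t)e->count * bpp);
    if (!tmp) return 0;                 /* size stays inflated, pixels is the old buffer */
    e->pixels = tmp;
    return 1;
}
/* Corrected order (one way to do it): commit size only once the buffer exists. */
static int resize_fixed(vbar_entry *e, uint32_t bpp) {
    if (e->count <= e->size) return 1;
    uint8_t *tmp = model_realloc(e->pixels, (size_t)e->count * bpp);
    if (!tmp) return 0;                 /* entry left unchanged on failure */
    e->pixels = tmp;
    e->size = e->count;
    return 1;
}
/* Returns 1 if, when resize reports success, pixels really holds count * bpp bytes. */
static int write_would_fit(int (*resize)(vbar_entry *, uint32_t)) {
    const uint32_t bpp = 4;
    vbar_entry e = { 0, 4, NULL };      /* constructed input: size 0, count 4 */
    real_bytes = 0;
    if (!resize(&e, bpp)) return -1;    /* initial 4-pixel buffer */
    e.count = 64; fail_next_alloc = 1;
    (void)resize(&e, bpp);              /* grow to 64 pixels fails */
    e.count = 32;                       /* later, smaller request */
    int ok = resize(&e, bpp) && real_bytes >= (size_t)e.count * bpp;
    free(e.pixels);
    return ok;
}
int main(void) {
    printf("flawed fits: %d\n", write_would_fit(resize_flawed));
    printf("fixed fits: %d\n", write_would_fit(resize_fixed));
    return 0;
}
```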
Additional information:
N/A
Download:
SRPMS
- freerdp-2.11.7-1.el9_7.6.src.rpm
MD5: 63ce869140aabc55200770f4fa8d73a5
SHA-256: 84e8a077576e27fc911a750ebc5c5696ddfd1326ce5c5c70e000d3bc026cabcb
Size: 7.03 MB
Asianux Server 9 for x86_64
- freerdp-2.11.7-1.el9_7.6.x86_64.rpm
MD5: e63ee4e96a29948d816143d8cbc6f50f
SHA-256: 79e9a8b0dd0e7a55637ec4f3493df76fe1068f92e51960d39818bf40eb70235f
Size: 111.49 kB
- freerdp-devel-2.11.7-1.el9_7.6.i686.rpm
MD5: a132a9e47760b4d7c57d3ae66a823d30
SHA-256: 964f1af5fa00ee76a503384bb19cc536c21024dad25971f9a1618edd941cdc5d
Size: 176.03 kB
- freerdp-devel-2.11.7-1.el9_7.6.x86_64.rpm
MD5: b76d7c28e067603188b56e87d9a45cf0
SHA-256: e2fef6fe6259d5652631405cede0f099ae3fc9756956341809d81f160e04fe1d
Size: 176.06 kB
- freerdp-libs-2.11.7-1.el9_7.6.i686.rpm
MD5: c6dffc51d0034407e52282e443f102ca
SHA-256: 1d10d3cd6f5fa7becc91c6df1d34a2d52c07dc2ed5b9b225d8893a23ea685ec2
Size: 851.58 kB
- freerdp-libs-2.11.7-1.el9_7.6.x86_64.rpm
MD5: efea372874434bc83a14cfa7e816ea4e
SHA-256: 8ca406fe0169e886bcca9fab99ddac038ee1b9a80f1f0b8a4af0f7426355914e
Size: 906.72 kB
- libwinpr-2.11.7-1.el9_7.6.i686.rpm
MD5: 35852b79a941f572e38f461897d2229e
SHA-256: dc42b6cd1a924526b63e6dc3ac7211b3e447733ef69b3a57bc65a5deab7d211e
Size: 341.60 kB
- libwinpr-2.11.7-1.el9_7.6.x86_64.rpm
MD5: fb9eb6ce77b8b3b839489707977562dc
SHA-256: fa1f70c5c058da742f0b359daa842d44a55b54052221c17e33bcc1468522d1e5
Size: 353.79 kB
- libwinpr-devel-2.11.7-1.el9_7.6.i686.rpm
MD5: 8ffef6dd33f682be4554b729c61c201a
SHA-256: 149eacb56174191330d55215326c34a8f8b91816fe406a3e903953d2d56013eb
Size: 181.89 kB
- libwinpr-devel-2.11.7-1.el9_7.6.x86_64.rpm
MD5: edf151b855dbe2955f5a2dcf668a194a
SHA-256: 3c1a38ee36176b872289d45baa383c3af8e86f04a1865bca30d0a4bfc15815ce
Size: 181.88 kB