[ubuntu/focal-security] freerdp2 2.2.0+dfsg1-0ubuntu0.20.04.5 (Accepted)

Jorge Sancho Larraz jorge.sancho.larraz at canonical.com
Wed Oct 4 08:58:32 UTC 2023


freerdp2 (2.2.0+dfsg1-0ubuntu0.20.04.5) focal-security; urgency=medium

  * SECURITY UPDATE: integer underflow
    - debian/patches/CVE-2023-39350.patch: validates package length to prevent
      possible out of bound read
    - CVE-2023-39350
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2023-39351.patch: frees content of currentMessage on
      fail to prevent null pointer access when processing next package
    - CVE-2023-39351
  * SECURITY UPDATE: missing offset validation
    - debian/patches/CVE-2023-39353-01.patch: validates offset to prevent
      possible out of bound read
    - debian/patches/CVE-2023-39353-02.patch: fixes issues with the original
      patch
    - CVE-2023-39353
  * SECURITY UPDATE: missing input validation
    - debian/patches/add_winpr_assert.h.patch: backports <winpr/assert.h>
      required by CVE-2023-39354.patch
    - debian/patches/format_string_for_Stream_CheckAndLogRequiredLength.patch:
      backports functionality required by CVE-2023-39354.patch
    - debian/patches/CVE-2023-39354.patch: validates input length to prevent
      possible out of bound read
    - CVE-2023-39354
  * SECURITY UPDATE: integer underflow
    - debian/patches/CVE-2023-40181.patch: fixes cBitsRemaining calculation to
      prevent possible out of bound read
    - CVE-2023-40181
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-40186.patch: fixes integer multiplication to
      prevent possible out of bound write
    - CVE-2023-40186
  * SECURITY UPDATE: missing input validation
    - debian/patches/ensure_integer_width.patch: ensures integer width
    - debian/patches/CVE-2023-40188.patch: validates input length to prevent
      possible out of bound read
    - CVE-2023-40188
  * SECURITY UPDATE: missing offset validation
    - debian/patches/CVE-2023-40567.patch: validates offset to prevent
      possible out of bound write
    - CVE-2023-40567
  * SECURITY UPDATE: incorrect parameter calculation
    - debian/patches/CVE-2023-40569.patch: fixes nXSrc and nYSrc calculation
      to prevent possible out of bound write
    - CVE-2023-40569
  * SECURITY UPDATE: global buffer overflow
    - debian/patches/CVE-2023-40589.patch: fixes index checks
    - CVE-2023-40589

Date: 2023-10-03 22:15:08.461085+00:00
Changed-By: Jorge Sancho Larraz <jorge.sancho.larraz at canonical.com>
https://launchpad.net/ubuntu/+source/freerdp2/2.2.0+dfsg1-0ubuntu0.20.04.5