[ubuntu/impish-security] freerdp2 2.3.0+dfsg1-2ubuntu0.1 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Tue Nov 23 15:37:47 UTC 2021
freerdp2 (2.3.0+dfsg1-2ubuntu0.1) impish-security; urgency=medium
* SECURITY UPDATE: OOB Write
- debian/patches/CVE-2021-41159-and-41160.patch: add checks
in multiple files and added checks for bitmap
width and heigth values in order to avoid out
of bounds write in
libfreerdp/core/gateway/ncacn_http.c,
libfreerdp/core/gateway/rdg.c,
libfreerdp/core/gateway/rpc.c,
libfreerdp/core/gateway/rpc.h,
libfreerdp/core/gateway/rpc_bind.c,
libfreerdp/core/gateway/rpc_bind.h,
libfreerdp/core/gateway/rpc_client.c,
libfreerdp/core/gateway/rpc_client.h,
libfreerdp/core/gateway/rpc_fault.c,
libfreerdp/core/gateway/rts.c,
libfreerdp/core/gateway/rts.h,
libfreerdp/core/gateway/rts_signature.c,
libfreerdp/core/gateway/rts_signature.h,
libfreerdp/core/gateway/tsg.c,
libfreerdp/core/orders.c,
libfreerdp/core/surface.c,
libfreerdp/core/update.c.
- CVE-2021-41159
- CVE-2021-41160
Date: 2021-11-08 13:56:10.277316+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/freerdp2/2.3.0+dfsg1-2ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the impish-changes
mailing list