[ubuntu/impish-security] freerdp2 2.3.0+dfsg1-2ubuntu0.1 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Tue Nov 23 15:37:47 UTC 2021


freerdp2 (2.3.0+dfsg1-2ubuntu0.1) impish-security; urgency=medium

  * SECURITY UPDATE: OOB Write
    - debian/patches/CVE-2021-41159-and-41160.patch: add checks
      in multiple files and added checks for bitmap
      width and heigth values in order to avoid out
      of bounds write in
      libfreerdp/core/gateway/ncacn_http.c,
      libfreerdp/core/gateway/rdg.c,
      libfreerdp/core/gateway/rpc.c,
      libfreerdp/core/gateway/rpc.h,
      libfreerdp/core/gateway/rpc_bind.c,
      libfreerdp/core/gateway/rpc_bind.h,
      libfreerdp/core/gateway/rpc_client.c,
      libfreerdp/core/gateway/rpc_client.h,
      libfreerdp/core/gateway/rpc_fault.c,
      libfreerdp/core/gateway/rts.c,
      libfreerdp/core/gateway/rts.h,
      libfreerdp/core/gateway/rts_signature.c,
      libfreerdp/core/gateway/rts_signature.h,
      libfreerdp/core/gateway/tsg.c,
      libfreerdp/core/orders.c,
      libfreerdp/core/surface.c,
      libfreerdp/core/update.c.
    - CVE-2021-41159
    - CVE-2021-41160

Date: 2021-11-08 13:56:10.277316+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/freerdp2/2.3.0+dfsg1-2ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the impish-changes mailing list