[ubuntu/jammy-security] freerdp2 2.6.1+dfsg1-3ubuntu2.3 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Nov 22 16:08:50 UTC 2022 

freerdp2 (2.6.1+dfsg1-3ubuntu2.3) jammy-security; urgency=medium

  * SECURITY UPDATE: out of bounds read via parallel driver
    - debian/patches/CVE-2022-39282.patch: fix length checks in parallel
      driver in channels/parallel/client/parallel_main.c.
    - CVE-2022-39282
  * SECURITY UPDATE: out of bounds read via video channel
    - debian/patches/CVE-2022-39283.patch: fixed missing length check in
      video channel in channels/video/client/video_main.c.
    - CVE-2022-39283
  * SECURITY UPDATE: out of bounds reads in ZGFX decoder component
    - debian/patches/CVE-2022-39316_7.patch: added missing length checks in
      zgfx_decompress_segment in libfreerdp/codec/zgfx.c.
    - CVE-2022-39316
    - CVE-2022-39317
  * SECURITY UPDATE: missing input validation in urbdrc
    - debian/patches/CVE-2022-39318.patch: fixed division by zero in urbdrc
      in channels/urbdrc/client/libusb/libusb_udevice.c.
    - CVE-2022-39318
  * SECURITY UPDATE: missing input length validation in urbdrc
    - debian/patches/CVE-2022-39319-1.patch: fixed missing input buffer
      length check in urbdrc in channels/urbdrc/client/data_transfer.c.
    - debian/patches/CVE-2022-39319-2.patch: added missing length check in
      urb_control_transfer in channels/urbdrc/client/data_transfer.c.
    - CVE-2022-39319
  * SECURITY UPDATE: out of bounds read in usb
    - debian/patches/CVE-2022-39320.patch: ensure urb_create_iocompletion
      uses size_t for calculation in
      channels/urbdrc/client/data_transfer.c.
    - CVE-2022-39320
  * SECURITY UPDATE: missing path canonicalization and base path check
    for drive channel
    - debian/patches/CVE-2022-39347-1.patch: added function _wcsncmp in
      winpr/include/winpr/string.h, winpr/libwinpr/crt/string.c.
    - debian/patches/CVE-2022-39347-2.patch: fix wcs*cmp and wcs*len checks
      in winpr/libwinpr/crt/string.c.
    - debian/patches/CVE-2022-39347-3.patch: added wcsstr implementation in
      winpr/include/winpr/string.h, winpr/libwinpr/crt/string.c.
    - debian/patches/CVE-2022-39347-4.patch: fixed path validation in drive
      channel in channels/drive/client/drive_file.c,
      channels/drive/client/drive_file.h,
      channels/drive/client/drive_main.c.
    - CVE-2022-39347

freerdp2 (2.6.1+dfsg1-3ubuntu2.2) jammy; urgency=medium

  * Cherry-pick !7836 to fix a crash seen when trying to connect to
    an Ubuntu/GNOME session when the screen is locked LP: #1970994

Date: 2022-11-21 16:18:14.181485+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/freerdp2/2.6.1+dfsg1-3ubuntu2.3
-------------- next part --------------
Sorry, changesfile not available.

More information about the jammy-changes mailing list