[ubuntu/lunar-updates] freerdp2 2.10.0+dfsg1-1ubuntu0.2 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Wed Oct 4 09:58:32 UTC 2023

freerdp2 (2.10.0+dfsg1-1ubuntu0.2) lunar-security; urgency=medium

  * SECURITY UPDATE: integer underflow
    - debian/patches/CVE-2023-39350.patch: validates package length to prevent
      possible out of bound read
    - CVE-2023-39350
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2023-39351.patch: frees content of currentMessage on
      fail to prevent null pointer access when processing next package
    - CVE-2023-39351
  * SECURITY UPDATE: missing offset validation
    - debian/patches/CVE-2023-39353-01.patch: validates offset to prevent
      possible out of bound read
    - debian/patches/CVE-2023-39353-02.patch: fixes issues with the previous
      patch
    - CVE-2023-39353
  * SECURITY UPDATE: missing input validation
    - debian/patches/CVE-2023-39354.patch: validates input length to prevent
      possible out of bound read
    - CVE-2023-39354
  * SECURITY UPDATE: integer underflow
    - debian/patches/CVE-2023-40181.patch: fixes cBitsRemaining calculation to
      prevent possible out of bound read
    - CVE-2023-40181
  * SECURITY UPDATE: integer overflow
    - debian/patches/CVE-2023-40186.patch: fixes integer multiplication to
      prevent possible out of bound write
    - CVE-2023-40186
  * SECURITY UPDATE: missing input validation
    - debian/patches/ensure_integer_width.patch: ensures integer width
    - debian/patches/CVE-2023-40188.patch: validates input length to prevent
      possible out of bound read
    - CVE-2023-40188
  * SECURITY UPDATE: missing offset validation
    - debian/patches/CVE-2023-40567.patch: validates offset to prevent
      possible out of bound write
    - CVE-2023-40567
  * SECURITY UPDATE: incorrect parameter calculation
    - debian/patches/CVE-2023-40569.patch: fixes nXSrc and nYSrc calculation
      to prevent possible out of bound write
    - CVE-2023-40569
  * SECURITY UPDATE: global buffer overflow
    - debian/patches/CVE-2023-40589.patch: fixes index checks
    - CVE-2023-40589

Date: 2023-09-28 15:21:08.656860+00:00
Changed-By: Jorge Sancho Larraz <jorge.sancho.larraz at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/freerdp2/2.10.0+dfsg1-1ubuntu0.2