Updated freerdp packages fix security vulnerabilities
Publication date: 30 Apr 2024Modification date: 30 Apr 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-32039 , CVE-2024-32040 , CVE-2024-32041 , CVE-2024-32458 , CVE-2024-32459 , CVE-2024-32460
Description
This release is a security release and addresses multiple issues:
[Low] OutOfBound Read in zgfx_decompress_segment.
[Moderate] Integer overflow & OutOfBound Write in
clear_decompress_residual_data.
[Low] integer underflow in nsc_rle_decode.
[Low] OutOfBound Read in planar_skip_plane_rle.
[Low] OutOfBound Read in ncrush_decompress.
[Low] OutOfBound Read in interleaved_decompress.
References
- https://bugs.mageia.org/show_bug.cgi?id=33129
- https://lwn.net/Articles/970778/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32039
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32040
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32041
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32458
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32459
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32460
SRPMS
9/core
- freerdp-2.11.7-1.mga9