Univention Bugzilla – Bug 52109
(ES 4.3) freerdp
Last modified: 2020-11-30 12:14:33 CET
Provide freerdp version 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4 for UCS 4.3

First imported at bug #51928

This update addresses the following issues:
* Integer overflow in heap allocation in license_read_scope_list() (CVE-2014-0791)
* Out-of-bounds read in update_read_icon_info function (CVE-2020-11042)
* Out of bounds read in update_read_bitmap_data function (CVE-2020-11045)
* Out of bounds seek in update_read_synchronize function could lead to out of bounds read (CVE-2020-11046)
* Out-of-bounds read could result in aborting the session (CVE-2020-11048)
* Stream out-of-bounds seek in rdp_read_font_capability_set could lead to out-of-bounds read (CVE-2020-11058)
* Out-of-bounds write in planar.c (CVE-2020-11521)
* Out-of-bounds read in gdi.c (CVE-2020-11522)
* Integer overflow in region.c (CVE-2020-11523)
* Out-of-bounds read in bitmap.c (CVE-2020-11525)
* Stream pointer out of bounds in update_recv_secondary_order could lead to out of bounds read later (CVE-2020-11526)
* Out-of-bounds read in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c (CVE-2020-13396)
* Out-of-bounds read in security_fips_decrypt in libfreerdp/core/security.c (CVE-2020-13397)
* Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c (CVE-2020-13398)

freerdp-x11:
  Installiert: 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4
  Installationskandidat: 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4
  Versionstabelle:
 *** 1.1.0~git20140921.1.440916e+dfsg1-13+deb9u4 500
        500 http://192.168.0.10/build2 ucs_4.3-0-extsec4.3/amd64/ Packages

CLOSED: Released as extsec4.3 update