CESA-2020:4031 -- centos 7 freerdp
ID: oval:org.secpod.oval:def:205649 | Date: (C)2020-10-28 (M)2023-12-20 | Class: PATCH | Family: unix
FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

The following packages have been upgraded to a later upstream version: freerdp.

Security Fix:

* freerdp: Out of bound read in cliprdr_server_receive_capabilities
* freerdp: Out of bound read/write in usb redirection channel
* freerdp: out-of-bounds read in update_read_icon_info function
* freerdp: out-of-bounds read in autodetect_recv_bandwidth_measure_results function
* freerdp: Out-of-bounds read in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.
* freerdp: Out-of-bounds read in security_fips_decrypt in libfreerdp/core/security.c
* freerdp: Out of bound read in update_recv could result in a crash
* freerdp: Integer overflow in VIDEO channel
* freerdp: Out of bound access in clear_decompress_subcode_rlex
* freerdp: Unchecked read of array offset in rdpsnd_recv_wave2_pdu
* freerdp: out of bound read in rfx_process_message_tileset
* freerdp: double free in update_read_cache_bitmap_v3_order function
* freerdp: out of bounds read in update_read_bitmap_data function
* freerdp: out of bounds seek in update_read_synchronize function could lead out of bounds read
* freerdp: out-of-bounds read could result in aborting the session
* freerdp: out-of-bound read of client memory that is then passed on to the protocol parser
* freerdp: stream out-of-bounds seek in rdp_read_font_capability_set could lead to out-of-bounds read
* freerdp: out-of-bounds read in cliprdr_read_format_list function
* freerdp: out-of-bounds read in ntlm_read_ntlm_v2_client_challenge function
* freerdp: out-of-bounds read in ntlm_read_AuthenticateMessage
* freerdp: out-of-bounds read in ntlm_read_NegotiateMessage
* freerdp: out-of-bounds read in irp functions
* freerdp: out-of-bounds read in gdi.c
* freerdp: out-of-bounds read in bitmap.c
* freerdp: Stream pointer out of bounds in update_recv_secondary_order could lead out of bounds read later

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.