MGASA-2024-0157 - Updated freerdp packages fix security vulnerabilities

Publication date: 30 Apr 2024
URL: https://advisories.mageia.org/MGASA-2024-0157.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-32039,
     CVE-2024-32040,
     CVE-2024-32041,
     CVE-2024-32458,
     CVE-2024-32459,
     CVE-2024-32460

This is a security release that addresses multiple issues:
- [Low] Out-of-bounds read in zgfx_decompress_segment.
- [Moderate] Integer overflow and out-of-bounds write in clear_decompress_residual_data.
- [Low] Integer underflow in nsc_rle_decode.
- [Low] Out-of-bounds read in planar_skip_plane_rle.
- [Low] Out-of-bounds read in ncrush_decompress.
- [Low] Out-of-bounds read in interleaved_decompress.

References:
- https://bugs.mageia.org/show_bug.cgi?id=33129
- https://lwn.net/Articles/970778/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32039
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32040
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32041
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32458
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32459
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32460

SRPMS:
- 9/core/freerdp-2.11.7-1.mga9
