SUSE: 2023:4611-1 moderate: freerdp
Summary
## This update for freerdp fixes the following issues: * CVE-2023-39350: Fixed incorrect offset calculation leading to DoS (bsc#1214856). * CVE-2023-39351: Fixed Null Pointer Dereference leading DoS in RemoteFX (bsc#1214857). * CVE-2023-39352: Fixed Invalid offset validation leading to Out Of Bound Write (bsc#1214858). * CVE-2023-39353: Fixed Missing offset validation leading to Out Of Bound Read (bsc#1214859). * CVE-2023-39354: Fixed Out-Of-Bounds Read in nsc_rle_decompress_data (bsc#1214860). * CVE-2023-39356: Fixed Missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (bsc#1214862). * CVE-2023-40181: Fixed Integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (bsc#1214863). * CVE-2023-40186: Fixed IntegerOverflow leading to Out-Of-Bound Write Vulnerability in gdi_CreateSurface (bsc#1214864). * CVE-2023-40188: Fixed Out-Of-Bounds Read in general_LumaToYUV444 (bsc#1214866). * CVE-2023-40567: Fixed Out-Of-Bounds Write in clear_decompress_bands_data (bsc#1214867). * CVE-2023-40569: Fixed Out-Of-Bounds Write in progressive_decompress (bsc#1214868). * CVE-2023-40574: Fixed Out-Of-Bounds Write in general_YUV444ToRGB_8u_P3AC4R_BGRX (bsc#1214869). * CVE-2023-40575: Fixed Out-Of-Bounds Read in general_YUV444ToRGB_8u_P3AC4R_BGRX (bsc#1214870). * CVE-2023-40576: Fixed Out-Of-Bounds Read in RleDecompress (bsc#1214871). * CVE-2023-40589: Fixed Global-Buffer-Overflow in ncrush_decompress (bsc#1214872). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4611=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4611=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * libfreerdp2-debuginfo-2.1.2-12.38.1 * freerdp-debuginfo-2.1.2-12.38.1 * libfreerdp2-2.1.2-12.38.1 * freerdp-debugsource-2.1.2-12.38.1 * libwinpr2-2.1.2-12.38.1 * winpr2-devel-2.1.2-12.38.1 * freerdp-devel-2.1.2-12.38.1 * libwinpr2-debuginfo-2.1.2-12.38.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * freerdp-debuginfo-2.1.2-12.38.1 * libfreerdp2-debuginfo-2.1.2-12.38.1 * libfreerdp2-2.1.2-12.38.1 * freerdp-server-2.1.2-12.38.1 * freerdp-debugsource-2.1.2-12.38.1 * freerdp-proxy-2.1.2-12.38.1 * libwinpr2-2.1.2-12.38.1 * freerdp-2.1.2-12.38.1 * libwinpr2-debuginfo-2.1.2-12.38.1
References
* bsc#1214856
* bsc#1214857
* bsc#1214858
* bsc#1214859
* bsc#1214860
* bsc#1214862
* bsc#1214863
* bsc#1214864
* bsc#1214866
* bsc#1214867
* bsc#1214868
* bsc#1214869
* bsc#1214870
* bsc#1214871
* bsc#1214872
Cross-
* CVE-2023-39350
* CVE-2023-39351
* CVE-2023-39352
* CVE-2023-39353
* CVE-2023-39354
* CVE-2023-39356
* CVE-2023-40181
* CVE-2023-40186
* CVE-2023-40188
* CVE-2023-40567
* CVE-2023-40569
* CVE-2023-40574
* CVE-2023-40575
* CVE-2023-40576
* CVE-2023-40589
CVSS scores:
* CVE-2023-39350 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39350 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39351 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39351 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39352 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39352 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39353 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39353 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39354 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39354 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-39356 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-39356 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40181 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40181 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40186 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40186 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40188 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40188 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40567 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40567 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40569 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40569 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40574 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40574 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
* CVE-2023-40575 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40575 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40576 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40576 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2023-40589 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
* CVE-2023-40589 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
An update that solves 15 vulnerabilities can now be installed.
##
* https://www.suse.com/security/cve/CVE-2023-39350.html
* https://www.suse.com/security/cve/CVE-2023-39351.html
* https://www.suse.com/security/cve/CVE-2023-39352.html
* https://www.suse.com/security/cve/CVE-2023-39353.html
* https://www.suse.com/security/cve/CVE-2023-39354.html
* https://www.suse.com/security/cve/CVE-2023-39356.html
* https://www.suse.com/security/cve/CVE-2023-40181.html
* https://www.suse.com/security/cve/CVE-2023-40186.html
* https://www.suse.com/security/cve/CVE-2023-40188.html
* https://www.suse.com/security/cve/CVE-2023-40567.html
* https://www.suse.com/security/cve/CVE-2023-40569.html
* https://www.suse.com/security/cve/CVE-2023-40574.html
* https://www.suse.com/security/cve/CVE-2023-40575.html
* https://www.suse.com/security/cve/CVE-2023-40576.html
* https://www.suse.com/security/cve/CVE-2023-40589.html
* https://bugzilla.suse.com/show_bug.cgi?id=1214856
* https://bugzilla.suse.com/show_bug.cgi?id=1214857
* https://bugzilla.suse.com/show_bug.cgi?id=1214858
* https://bugzilla.suse.com/show_bug.cgi?id=1214859
* https://bugzilla.suse.com/show_bug.cgi?id=1214860
* https://bugzilla.suse.com/show_bug.cgi?id=1214862
* https://bugzilla.suse.com/show_bug.cgi?id=1214863
* https://bugzilla.suse.com/show_bug.cgi?id=1214864
* https://bugzilla.suse.com/show_bug.cgi?id=1214866
* https://bugzilla.suse.com/show_bug.cgi?id=1214867
* https://bugzilla.suse.com/show_bug.cgi?id=1214868
* https://bugzilla.suse.com/show_bug.cgi?id=1214869
* https://bugzilla.suse.com/show_bug.cgi?id=1214870
* https://bugzilla.suse.com/show_bug.cgi?id=1214871
* https://bugzilla.suse.com/show_bug.cgi?id=1214872