RLSA-2021:1849 --- freerdpID: oval:org.secpod.oval:def:4501320 | Date: (C)2023-04-03 (M)2023-11-13 |
Class: PATCH | Family: unix |
FreeRDP is a free implementation of the Remote Desktop Protocol , released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. The following packages have been upgraded to a later upstream version: freerdp . Security Fix: * freerdp: out of bounds read in TrioParse * freerdp: out of bound reads resulting in accessing memory location outside of static array PRIMARY_DRAWING_ORDER_FIELD_BYTES * freerdp: out of bounds read in PRIMARY_DRAWING_ORDER_FIELD_BYTES * freerdp: out of bounds read in license_read_new_or_upgrade_license_packet * freerdp: integer overflow due to missing input sanitation in rdpegfx channel * freerdp: out-of-bounds read in RLEDECOMPRESS * freerdp: out-of-bound read in update_read_cache_bitmap_v3_order * freerdp: out-of-bound read in glyph_cache_put For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.