Publishing details
Changelog
freerdp2 (2.2.0+dfsg1-0ubuntu0.18.04.4) bionic-security; urgency=medium
* SECURITY UPDATE: out of bounds read via parallel driver
- debian/patches/CVE-2022-39282.patch: fix length checks in parallel
driver in channels/parallel/client/parallel_main.c.
- CVE-2022-39282
* SECURITY UPDATE: out of bounds read via video channel
- debian/patches/CVE-2022-39283.patch: fixed missing length check in
video channel in channels/video/client/video_main.c.
- CVE-2022-39283
* SECURITY UPDATE: out of bounds reads in ZGFX decoder component
- debian/patches/CVE-2022-39316_7.patch: added missing length checks in
zgfx_decompress_segment in libfreerdp/codec/zgfx.c.
- CVE-2022-39316
- CVE-2022-39317
* SECURITY UPDATE: missing input validation in urbdrc
- debian/patches/CVE-2022-39318.patch: fixed division by zero in urbdrc
in channels/urbdrc/client/libusb/libusb_udevice.c.
- CVE-2022-39318
* SECURITY UPDATE: missing input length validation in urbdrc
- debian/patches/CVE-2022-39319-1.patch: fixed missing input buffer
length check in urbdrc in channels/urbdrc/client/data_transfer.c.
- debian/patches/CVE-2022-39319-2.patch: added missing length check in
urb_control_transfer in channels/urbdrc/client/data_transfer.c.
- CVE-2022-39319
* SECURITY UPDATE: out of bounds read in usb
- debian/patches/CVE-2022-39320.patch: ensure urb_create_iocompletion
uses size_t for calculation in
channels/urbdrc/client/data_transfer.c.
- CVE-2022-39320
* SECURITY UPDATE: missing path canonicalization and base path check
for drive channel
- debian/patches/CVE-2022-39347-1.patch: added function _wcsncmp in
winpr/include/winpr/string.h, winpr/libwinpr/crt/string.c.
- debian/patches/CVE-2022-39347-2.patch: fix wcs*cmp and wcs*len checks
in winpr/libwinpr/crt/string.c.
- debian/patches/CVE-2022-39347-3.patch: added wcsstr implementation in
winpr/include/winpr/string.h, winpr/libwinpr/crt/string.c.
- debian/patches/CVE-2022-39347-4.patch: fixed path validation in drive
channel in channels/drive/client/drive_file.c,
channels/drive/client/drive_file.h,
channels/drive/client/drive_main.c.
- CVE-2022-39347
-- Marc Deslauriers <email address hidden> Mon, 21 Nov 2022 11:20:15 -0500
Builds
Built packages
-
freerdp2-dev
Free Remote Desktop Protocol library (development files)
-
freerdp2-shadow-x11
FreeRDP x11 shadowing server
-
freerdp2-shadow-x11-dbgsym
debug symbols for freerdp2-shadow-x11
-
freerdp2-wayland
RDP client for Windows Terminal Services (wayland client)
-
freerdp2-wayland-dbgsym
debug symbols for freerdp2-wayland
-
freerdp2-x11
RDP client for Windows Terminal Services (X11 client)
-
freerdp2-x11-dbgsym
debug symbols for freerdp2-x11
-
libfreerdp-client2-2
Free Remote Desktop Protocol library (client library)
-
libfreerdp-client2-2-dbgsym
debug symbols for libfreerdp-client2-2
-
libfreerdp-server2-2
Free Remote Desktop Protocol library (server library)
-
libfreerdp-server2-2-dbgsym
debug symbols for libfreerdp-server2-2
-
libfreerdp-shadow-subsystem2-2
FreeRDP Remote Desktop Protocol shadow subsystem libraries
-
libfreerdp-shadow-subsystem2-2-dbgsym
debug symbols for libfreerdp-shadow-subsystem2-2
-
libfreerdp-shadow2-2
FreeRDP Remote Desktop Protocol shadow libraries
-
libfreerdp-shadow2-2-dbgsym
debug symbols for libfreerdp-shadow2-2
-
libfreerdp2-2
Free Remote Desktop Protocol library (core library)
-
libfreerdp2-2-dbgsym
debug symbols for libfreerdp2-2
-
libuwac0-0
Using wayland as a client library
-
libuwac0-0-dbgsym
debug symbols for libuwac0-0
-
libuwac0-dev
Using wayland as a client (development files)
-
libwinpr-tools2-2
Windows Portable Runtime Tools library
-
libwinpr-tools2-2-dbgsym
debug symbols for libwinpr-tools2-2
-
libwinpr2-2
Windows Portable Runtime library
-
libwinpr2-2-dbgsym
debug symbols for libwinpr2-2
-
libwinpr2-dev
Windows Portable Runtime library (development files)
-
winpr-utils
Windows Portable Runtime library command line utilities
-
winpr-utils-dbgsym
debug symbols for winpr-utils
Package files