[Bug 1223342] New: Security issus in FreeRDP
https://bugzilla.suse.com/show_bug.cgi?id=1223342 Bug ID: 1223342 Summary: Security issus in FreeRDP Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.5 Hardware: Other OS: Other Status: NEW Severity: Critical Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: ecsos@schirra.net QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- CVE-2024-32039 CVE-2024-32040 CVE-2024-32041 CVE-2024-32458 CVE-2024-32459 CVE-2024-32460 Request is here: https://build.opensuse.org/request/show/1170000 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1223342 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |1223293, 1223294, 1223295, | |1223296, 1223297, 1223298 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1223342 https://bugzilla.suse.com/show_bug.cgi?id=1223342#c1 Carlos López <carlos.lopez@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |carlos.lopez@suse.com --- Comment #1 from Carlos López <carlos.lopez@suse.com> --- (In reply to Eric Schirra from comment #0)
CVE-2024-32039 bsc#1223293 CVE-2024-32040 bsc#1223294 CVE-2024-32041 bsc#1223295 CVE-2024-32458 bsc#1223296 CVE-2024-32459 bsc#1223297 CVE-2024-32460 bsc#1223298 -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1223342 https://bugzilla.suse.com/show_bug.cgi?id=1223342#c2 --- Comment #2 from Carlos López <carlos.lopez@suse.com> --- Ah sorry, did not see you linked them in this bug. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1223342 Bug 1223342 depends on bug 1223298, which changed state. Bug 1223298 Summary: VUL-0: CVE-2024-32460: freerdp: out-of-bounds read when using `/bpp:32` legacy `GDI` drawing path https://bugzilla.suse.com/show_bug.cgi?id=1223298 What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1223342 Bug 1223342 depends on bug 1223298, which changed state. Bug 1223298 Summary: VUL-0: CVE-2024-32460: freerdp: out-of-bounds read when using `/bpp:32` legacy `GDI` drawing path https://bugzilla.suse.com/show_bug.cgi?id=1223298 What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED |--- -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1223342 Bug 1223342 depends on bug 1223298, which changed state. Bug 1223298 Summary: VUL-0: CVE-2024-32460: freerdp: out-of-bounds read when using `/bpp:32` legacy `GDI` drawing path https://bugzilla.suse.com/show_bug.cgi?id=1223298 What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1223342 Bug 1223342 depends on bug 1223296, which changed state. Bug 1223296 Summary: VUL-0: CVE-2024-32458: freerdp: out-of-bounds read on pSrcData[] https://bugzilla.suse.com/show_bug.cgi?id=1223296 What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1223342 Bug 1223342 depends on bug 1223294, which changed state. Bug 1223294 Summary: VUL-0: CVE-2024-32040: freerdp: integer underflow when using the `NSC` codec https://bugzilla.suse.com/show_bug.cgi?id=1223294 What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1223342 Bug 1223342 depends on bug 1223295, which changed state. Bug 1223295 Summary: VUL-0: CVE-2024-32041: freerdp: out-of-bounds read in Stream_GetRemainingLength() https://bugzilla.suse.com/show_bug.cgi?id=1223295 What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1223342 Bug 1223342 depends on bug 1223293, which changed state. Bug 1223293 Summary: VUL-0: CVE-2024-32039: freerdp: out-of-bounds write with variables of type uint32 https://bugzilla.suse.com/show_bug.cgi?id=1223293 What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1223342 Bug 1223342 depends on bug 1223297, which changed state. Bug 1223297 Summary: VUL-0: CVE-2024-32459: freerdp: out-of-bounds read in case SrcSize less than 4 https://bugzilla.suse.com/show_bug.cgi?id=1223297 What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com