Update freerdp3 to 3.5.0

Bug #2061907 reported by Jeremy Bícha
Affects: freerdp3 (Ubuntu)
Status: Fix Released
Importance: High
Assigned to: Unassigned

Bug Description

freerdp 3.5.0 was released as a security update.

https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0

https://github.com/FreeRDP/FreeRDP/compare/3.4.0...3.5.0

There are a very large number of Coverity fixes and bound check fixes and resource leak updates in the new release. It does not look very practical to cherry-pick only some of those fixes. And the git commits aren't directly associated with which CVE they are supposed to fix.

Jeremy Bícha (jbicha)
Changed in freerdp3 (Ubuntu):
status: Triaged → In Progress
Jeremy Bícha (jbicha)
Changed in freerdp3 (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package freerdp3 - 3.5.0+dfsg1-0ubuntu1

---------------
freerdp3 (3.5.0+dfsg1-0ubuntu1) noble; urgency=medium

  * New upstream release (LP: #2061907)
    - CVE-2024-32039 [Moderate] Integer overflow & OutOfBound Write in
      clear_decompress_residual_data
    - CVE-2024-32040 [Low] integer underflow in nsc_rle_decode
    - CVE-2024-32041 [Low] OutOfBound Read in zgfx_decompress_segment
    - CVE-2024-32458 [Low] OutOfBound Read in planar_skip_plane_rle
    - CVE-2024-32459 [Low] OutOfBound Read in ncrush_decompress
    - CVE-2024-32460 [Low] OutOfBound Read in interleaved_decompress

 -- Jeremy Bícha <email address hidden> Tue, 16 Apr 2024 17:23:57 -0400

Changed in freerdp3 (Ubuntu):
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
