RLSA-2024:9092

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):

• freerdp: Integer Overflow leading to Heap Overflow in freerdpbitmapplanarcontextreset (CVE-2024-22211)

• freerdp: out-of-bounds read in ncrush_decompress (CVE-2024-32459)

• freerdp: OutOfBound Read in interleaved_decompress (CVE-2024-32460)

• freerdp: Integer overflow & OutOfBound Write in cleardecompressresidual_data (CVE-2024-32039)

• freerdp: integer underflow in nscrledecode (CVE-2024-32040)

• freerdp: OutOfBound Read in zgfxdecompresssegment (CVE-2024-32041)

• freerdp: OutOfBound Read in planarskipplane_rle (CVE-2024-32458)

• freerdp: out-of-bounds read (CVE-2024-32662)

• FreeRDP: ExtractRunLengthRegular* out of bound read (CVE-2024-32658)

• freerdp: zgfx_decompress out of memory (CVE-2024-32660)

• freerdp: freerdpimagecopy out of bound read (CVE-2024-32659)

• freerdp: rdpwritelogoninfov1 NULL access (CVE-2024-32661)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 9.5 Release Notes linked from the References section.