
ESB-2023.7202 – [SUSE] freerdp: CVSS (Max): 6.5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2023.7202
Security update for freerdp
1 December 2023

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: freerdp
Publisher: SUSE
Operating System: SUSE
Resolution: Patch/Upgrade
CVE Names: CVE-2023-40589 CVE-2023-40576 CVE-2023-40575
CVE-2023-40574 CVE-2023-40569 CVE-2023-40567
CVE-2023-40188 CVE-2023-40186 CVE-2023-40181
CVE-2023-39356 CVE-2023-39354 CVE-2023-39353
CVE-2023-39352 CVE-2023-39351 CVE-2023-39350

Original Bulletin:
https://www.suse.com/support/update/announcement/2023/suse-su-20234611-1

Comment: CVSS (Max): 6.5 CVE-2023-40574 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
CVSS Source: SUSE
Calculator: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

- --------------------------BEGIN INCLUDED TEXT--------------------

Security update for freerdp

Announcement ID: SUSE-SU-2023:4611-1
Rating: moderate
References:
o bsc#1214856
o bsc#1214857
o bsc#1214858
o bsc#1214859
o bsc#1214860
o bsc#1214862
o bsc#1214863
o bsc#1214864
o bsc#1214866
o bsc#1214867
o bsc#1214868
o bsc#1214869
o bsc#1214870
o bsc#1214871
o bsc#1214872

Cross-References:
o CVE-2023-39350
o CVE-2023-39351
o CVE-2023-39352
o CVE-2023-39353
o CVE-2023-39354
o CVE-2023-39356
o CVE-2023-40181
o CVE-2023-40186
o CVE-2023-40188
o CVE-2023-40567
o CVE-2023-40569
o CVE-2023-40574
o CVE-2023-40575
o CVE-2023-40576
o CVE-2023-40589

CVSS scores:
o CVE-2023-39350 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
o CVE-2023-39350 (NVD): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
o CVE-2023-39351 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
o CVE-2023-39351 (NVD): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
o CVE-2023-39352 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
o CVE-2023-39352 (NVD): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
o CVE-2023-39353 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
o CVE-2023-39353 (NVD): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
o CVE-2023-39354 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
o CVE-2023-39354 (NVD): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
o CVE-2023-39356 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
o CVE-2023-39356 (NVD): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
o CVE-2023-40181 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
o CVE-2023-40181 (NVD): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
o CVE-2023-40186 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
o CVE-2023-40186 (NVD): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
o CVE-2023-40188 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
o CVE-2023-40188 (NVD): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
o CVE-2023-40567 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
o CVE-2023-40567 (NVD): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
o CVE-2023-40569 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
o CVE-2023-40569 (NVD): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
o CVE-2023-40574 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
o CVE-2023-40574 (NVD): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
o CVE-2023-40575 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
o CVE-2023-40575 (NVD): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
o CVE-2023-40576 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
o CVE-2023-40576 (NVD): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
o CVE-2023-40589 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
o CVE-2023-40589 (NVD): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:
o SUSE Linux Enterprise High Performance Computing 12 SP5
o SUSE Linux Enterprise Server 12 SP5
o SUSE Linux Enterprise Server for SAP Applications 12 SP5
o SUSE Linux Enterprise Software Development Kit 12 SP5
o SUSE Linux Enterprise Workstation Extension 12 12-SP5

An update that solves 15 vulnerabilities can now be installed.

Description:

This update for freerdp fixes the following issues:

o CVE-2023-39350: Fixed incorrect offset calculation leading to DoS (bsc#1214856).
o CVE-2023-39351: Fixed Null Pointer Dereference leading to DoS in RemoteFX (bsc#1214857).
o CVE-2023-39352: Fixed Invalid offset validation leading to Out Of Bound Write (bsc#1214858).
o CVE-2023-39353: Fixed Missing offset validation leading to Out Of Bound Read (bsc#1214859).
o CVE-2023-39354: Fixed Out-Of-Bounds Read in nsc_rle_decompress_data (bsc#1214860).
o CVE-2023-39356: Fixed Missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (bsc#1214862).
o CVE-2023-40181: Fixed Integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (bsc#1214863).
o CVE-2023-40186: Fixed Integer Overflow leading to Out-Of-Bound Write Vulnerability in gdi_CreateSurface (bsc#1214864).
o CVE-2023-40188: Fixed Out-Of-Bounds Read in general_LumaToYUV444 (bsc#1214866).
o CVE-2023-40567: Fixed Out-Of-Bounds Write in clear_decompress_bands_data (bsc#1214867).
o CVE-2023-40569: Fixed Out-Of-Bounds Write in progressive_decompress (bsc#1214868).
o CVE-2023-40574: Fixed Out-Of-Bounds Write in general_YUV444ToRGB_8u_P3AC4R_BGRX (bsc#1214869).
o CVE-2023-40575: Fixed Out-Of-Bounds Read in general_YUV444ToRGB_8u_P3AC4R_BGRX (bsc#1214870).
o CVE-2023-40576: Fixed Out-Of-Bounds Read in RleDecompress (bsc#1214871).
o CVE-2023-40589: Fixed Global-Buffer-Overflow in ncrush_decompress (bsc#1214872).

Patch Instructions:

To install this SUSE update, use the SUSE recommended installation methods such as
YaST online_update or "zypper patch".
Alternatively, run the command listed for your product:

o SUSE Linux Enterprise Software Development Kit 12 SP5
zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4611=1
o SUSE Linux Enterprise Workstation Extension 12 12-SP5
zypper in -t patch SUSE-SLE-WE-12-SP5-2023-4611=1

Package List:

o SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  - libfreerdp2-debuginfo-2.1.2-12.38.1
  - freerdp-debuginfo-2.1.2-12.38.1
  - libfreerdp2-2.1.2-12.38.1
  - freerdp-debugsource-2.1.2-12.38.1
  - libwinpr2-2.1.2-12.38.1
  - winpr2-devel-2.1.2-12.38.1
  - freerdp-devel-2.1.2-12.38.1
  - libwinpr2-debuginfo-2.1.2-12.38.1
o SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64)
  - freerdp-debuginfo-2.1.2-12.38.1
  - libfreerdp2-debuginfo-2.1.2-12.38.1
  - libfreerdp2-2.1.2-12.38.1
  - freerdp-server-2.1.2-12.38.1
  - freerdp-debugsource-2.1.2-12.38.1
  - freerdp-proxy-2.1.2-12.38.1
  - libwinpr2-2.1.2-12.38.1
  - freerdp-2.1.2-12.38.1
  - libwinpr2-debuginfo-2.1.2-12.38.1
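The package list gives the fixed build, 2.1.2-12.38.1, which is what a fleet audit has to compare installed versions against. A plain string comparison gets this wrong (release "12.38.1" sorts before "12.4.1" as text), so the following Python is an added example (not SUSE's or rpm's code) that compares VERSION-RELEASE strings the way rpm's rpmvercmp does, segment by segment with numeric segments compared as integers, and applies it to lines of rpm -q output. The comparison omits rpm's "~" and "^" rules, which these version strings do not use, and ignores epoch; SAMPLE_RPM_Q is constructed, not captured from a real host, and the package names and fixed version come from the list above.

```python
"""Check installed freerdp packages against the fixed build in this bulletin.

Added example, not SUSE's or rpm's code.  rpm_vercmp() mirrors the
alphanumeric-segment rule of rpm's rpmvercmp (no '~'/'^' handling, no epoch),
which is sufficient for the version strings in this bulletin.
"""
import re

# Fixed VERSION-RELEASE from the bulletin's package list (SLE 12 SP5).
FIXED_VR = "2.1.2-12.38.1"
# Binary packages named in the bulletin's package list (debuginfo/devel omitted).
PACKAGES = ("libfreerdp2", "libwinpr2", "freerdp", "freerdp-server", "freerdp-proxy")

_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+")


def rpm_vercmp(a: str, b: str) -> int:
    """Compare two version (or release) strings segment by segment.
    Numeric segments compare as integers, alphabetic ones lexically, a numeric
    segment is newer than an alphabetic one at the same position, and when all
    shared segments match the string with more segments is newer.
    Returns -1 (a < b), 0 (equal) or 1 (a > b)."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num != y_num:
            return 1 if x_num else -1
        if x_num:
            x, y = int(x), int(y)   # "38" > "4" as numbers, unlike as text
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def vr_cmp(installed: str, fixed: str) -> int:
    """Compare 'VERSION-RELEASE' strings: version first, then release."""
    iv, _, ir = installed.partition("-")
    fv, _, fr = fixed.partition("-")
    return rpm_vercmp(iv, fv) or rpm_vercmp(ir, fr)


def is_fixed(installed: str, fixed: str = FIXED_VR) -> bool:
    """True when the installed VERSION-RELEASE is at or above the fixed one."""
    return vr_cmp(installed, fixed) >= 0


def audit(rpm_q_output: str, fixed: str = FIXED_VR) -> dict:
    """Parse lines of `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\\n' <pkgs>`
    and return {package: patched?} for the packages this bulletin covers.
    rpm prints 'package X is not installed' for absent packages; those are skipped."""
    report = {}
    for line in rpm_q_output.splitlines():
        line = line.strip()
        if not line or line.startswith("package "):
            continue
        name, vr = line.split()
        if name in PACKAGES:
            report[name] = is_fixed(vr, fixed)
    return report


# Constructed sample output (not from a real host): one package lags behind.
SAMPLE_RPM_Q = """\
libfreerdp2 2.1.2-12.38.1
libwinpr2 2.1.2-12.38.1
freerdp 2.1.2-12.35.2
package freerdp-server is not installed
"""

if __name__ == "__main__":
    for name, ok in audit(SAMPLE_RPM_Q).items():
        print(f"{name}: {'patched' if ok else 'NEEDS UPDATE (see Patch Instructions above)'}")
```

On a real SLE 12 SP5 host the input would come from rpm -q with the query format shown in the audit() docstring; any package reported False should receive the zypper patch command listed for its product.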

References:

o https://www.suse.com/security/cve/CVE-2023-39350.html
o https://www.suse.com/security/cve/CVE-2023-39351.html
o https://www.suse.com/security/cve/CVE-2023-39352.html
o https://www.suse.com/security/cve/CVE-2023-39353.html
o https://www.suse.com/security/cve/CVE-2023-39354.html
o https://www.suse.com/security/cve/CVE-2023-39356.html
o https://www.suse.com/security/cve/CVE-2023-40181.html
o https://www.suse.com/security/cve/CVE-2023-40186.html
o https://www.suse.com/security/cve/CVE-2023-40188.html
o https://www.suse.com/security/cve/CVE-2023-40567.html
o https://www.suse.com/security/cve/CVE-2023-40569.html
o https://www.suse.com/security/cve/CVE-2023-40574.html
o https://www.suse.com/security/cve/CVE-2023-40575.html
o https://www.suse.com/security/cve/CVE-2023-40576.html
o https://www.suse.com/security/cve/CVE-2023-40589.html
o https://bugzilla.suse.com/show_bug.cgi?id=1214856
o https://bugzilla.suse.com/show_bug.cgi?id=1214857
o https://bugzilla.suse.com/show_bug.cgi?id=1214858
o https://bugzilla.suse.com/show_bug.cgi?id=1214859
o https://bugzilla.suse.com/show_bug.cgi?id=1214860
o https://bugzilla.suse.com/show_bug.cgi?id=1214862
o https://bugzilla.suse.com/show_bug.cgi?id=1214863
o https://bugzilla.suse.com/show_bug.cgi?id=1214864
o https://bugzilla.suse.com/show_bug.cgi?id=1214866
o https://bugzilla.suse.com/show_bug.cgi?id=1214867
o https://bugzilla.suse.com/show_bug.cgi?id=1214868
o https://bugzilla.suse.com/show_bug.cgi?id=1214869
o https://bugzilla.suse.com/show_bug.cgi?id=1214870
o https://bugzilla.suse.com/show_bug.cgi?id=1214871
o https://bugzilla.suse.com/show_bug.cgi?id=1214872

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: https://auscert.org.au/gpg-key/
-----END PGP SIGNATURE-----