Security update for freerdp SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:2604-1 Final 1 1 2019-12-01T19:15:29Z current 2019-12-01T19:15:29Z 2019-12-01T19:15:29Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for freerdp This update for freerdp fixes the following issues: - CVE-2019-17177: Fixed multiple memory leaks in libfreerdp/codec/region.c (bsc#1153163). - CVE-2019-17178: Fixed a memory leak in HuffmanTree_makeFromFrequencies (bsc#1153164). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-2604 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2N44X27V2TK7I3SKVF6V4UEMZWFQGQR5/#2N44X27V2TK7I3SKVF6V4UEMZWFQGQR5 E-Mail link for openSUSE-SU-2019:2604-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1153163 SUSE Bug 1153163 https://bugzilla.suse.com/1153164 SUSE Bug 1153164 https://www.suse.com/security/cve/CVE-2019-17177/ SUSE CVE CVE-2019-17177 page https://www.suse.com/security/cve/CVE-2019-17178/ SUSE CVE CVE-2019-17178 page openSUSE Leap 15.0 freerdp-2.0.0~rc4-lp150.10.1 freerdp-devel-2.0.0~rc4-lp150.10.1 freerdp-server-2.0.0~rc4-lp150.10.1 freerdp-wayland-2.0.0~rc4-lp150.10.1 libfreerdp2-2.0.0~rc4-lp150.10.1 libuwac0-0-2.0.0~rc4-lp150.10.1 libwinpr2-2.0.0~rc4-lp150.10.1 uwac0-0-devel-2.0.0~rc4-lp150.10.1 winpr2-devel-2.0.0~rc4-lp150.10.1 freerdp-2.0.0~rc4-lp150.10.1 as a component of openSUSE Leap 15.0 freerdp-devel-2.0.0~rc4-lp150.10.1 as a component of openSUSE Leap 15.0 freerdp-server-2.0.0~rc4-lp150.10.1 as a component of openSUSE Leap 15.0 freerdp-wayland-2.0.0~rc4-lp150.10.1 as a component of openSUSE Leap 15.0 libfreerdp2-2.0.0~rc4-lp150.10.1 as a component of openSUSE Leap 15.0 libuwac0-0-2.0.0~rc4-lp150.10.1 as a component of openSUSE Leap 15.0 libwinpr2-2.0.0~rc4-lp150.10.1 as a component of openSUSE Leap 15.0 uwac0-0-devel-2.0.0~rc4-lp150.10.1 as a component of openSUSE Leap 15.0 winpr2-devel-2.0.0~rc4-lp150.10.1 as a component of openSUSE Leap 15.0 libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. CVE-2019-17177 openSUSE Leap 15.0:freerdp-2.0.0~rc4-lp150.10.1 openSUSE Leap 15.0:freerdp-devel-2.0.0~rc4-lp150.10.1 openSUSE Leap 15.0:freerdp-server-2.0.0~rc4-lp150.10.1 openSUSE Leap 15.0:freerdp-wayland-2.0.0~rc4-lp150.10.1 openSUSE Leap 15.0:libfreerdp2-2.0.0~rc4-lp150.10.1 openSUSE Leap 15.0:libuwac0-0-2.0.0~rc4-lp150.10.1 openSUSE Leap 15.0:libwinpr2-2.0.0~rc4-lp150.10.1 openSUSE Leap 15.0:uwac0-0-devel-2.0.0~rc4-lp150.10.1 openSUSE Leap 15.0:winpr2-devel-2.0.0~rc4-lp150.10.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2N44X27V2TK7I3SKVF6V4UEMZWFQGQR5/#2N44X27V2TK7I3SKVF6V4UEMZWFQGQR5 https://www.suse.com/security/cve/CVE-2019-17177.html CVE-2019-17177 https://bugzilla.suse.com/1153163 SUSE Bug 1153163 HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. CVE-2019-17178 openSUSE Leap 15.0:freerdp-2.0.0~rc4-lp150.10.1 openSUSE Leap 15.0:freerdp-devel-2.0.0~rc4-lp150.10.1 openSUSE Leap 15.0:freerdp-server-2.0.0~rc4-lp150.10.1 openSUSE Leap 15.0:freerdp-wayland-2.0.0~rc4-lp150.10.1 openSUSE Leap 15.0:libfreerdp2-2.0.0~rc4-lp150.10.1 openSUSE Leap 15.0:libuwac0-0-2.0.0~rc4-lp150.10.1 openSUSE Leap 15.0:libwinpr2-2.0.0~rc4-lp150.10.1 openSUSE Leap 15.0:uwac0-0-devel-2.0.0~rc4-lp150.10.1 openSUSE Leap 15.0:winpr2-devel-2.0.0~rc4-lp150.10.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2N44X27V2TK7I3SKVF6V4UEMZWFQGQR5/#2N44X27V2TK7I3SKVF6V4UEMZWFQGQR5 https://www.suse.com/security/cve/CVE-2019-17178.html CVE-2019-17178 https://bugzilla.suse.com/1153164 SUSE Bug 1153164