Security update for freerdp SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2019:3078-1 Final 1 1 2019-11-26T16:47:17Z current 2019-11-26T16:47:17Z 2019-11-26T16:47:17Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for freerdp This update for freerdp fixes the following issues: - CVE-2019-17177: Fixed multiple memory leaks in libfreerdp/codec/region.c (bsc#1153163). - CVE-2019-17178: Fixed a memory leak in HuffmanTree_makeFromFrequencies (bsc#1153164). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2019-3078,SUSE-SLE-Module-Development-Tools-OBS-15-2019-3078,SUSE-SLE-Product-WE-15-2019-3078 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2019/suse-su-20193078-1/ Link for SUSE-SU-2019:3078-1 https://lists.suse.com/pipermail/sle-security-updates/2019-November/006185.html E-Mail link for SUSE-SU-2019:3078-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1153163 SUSE Bug 1153163 https://bugzilla.suse.com/1153164 SUSE Bug 1153164 https://www.suse.com/security/cve/CVE-2019-17177/ SUSE CVE CVE-2019-17177 page https://www.suse.com/security/cve/CVE-2019-17178/ SUSE CVE CVE-2019-17178 page SUSE Linux Enterprise Workstation Extension 15 freerdp-2.0.0~rc4-3.10.1 freerdp-devel-2.0.0~rc4-3.10.1 freerdp-server-2.0.0~rc4-3.10.1 freerdp-wayland-2.0.0~rc4-3.10.1 libfreerdp2-2.0.0~rc4-3.10.1 libuwac0-0-2.0.0~rc4-3.10.1 libwinpr2-2.0.0~rc4-3.10.1 uwac0-0-devel-2.0.0~rc4-3.10.1 winpr2-devel-2.0.0~rc4-3.10.1 freerdp-2.0.0~rc4-3.10.1 as a component of SUSE Linux Enterprise Workstation Extension 15 freerdp-devel-2.0.0~rc4-3.10.1 as a component of SUSE Linux Enterprise Workstation Extension 15 libfreerdp2-2.0.0~rc4-3.10.1 as a component of SUSE Linux Enterprise Workstation Extension 15 libwinpr2-2.0.0~rc4-3.10.1 as a component of SUSE Linux Enterprise Workstation Extension 15 winpr2-devel-2.0.0~rc4-3.10.1 as a component of SUSE Linux Enterprise Workstation Extension 15 libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. CVE-2019-17177 SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.10.1 SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.10.1 SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.10.1 SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.10.1 SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20193078-1/ https://www.suse.com/security/cve/CVE-2019-17177.html CVE-2019-17177 https://bugzilla.suse.com/1153163 SUSE Bug 1153163 HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. CVE-2019-17178 SUSE Linux Enterprise Workstation Extension 15:freerdp-2.0.0~rc4-3.10.1 SUSE Linux Enterprise Workstation Extension 15:freerdp-devel-2.0.0~rc4-3.10.1 SUSE Linux Enterprise Workstation Extension 15:libfreerdp2-2.0.0~rc4-3.10.1 SUSE Linux Enterprise Workstation Extension 15:libwinpr2-2.0.0~rc4-3.10.1 SUSE Linux Enterprise Workstation Extension 15:winpr2-devel-2.0.0~rc4-3.10.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2019/suse-su-20193078-1/ https://www.suse.com/security/cve/CVE-2019-17178.html CVE-2019-17178 https://bugzilla.suse.com/1153164 SUSE Bug 1153164