Fedora Linux 8731 Published by

The following security updates have been released for Fedora Linux:

Fedora 38 Update: freerdp-2.11.7-1.fc38
Fedora 40 Update: pypy-7.3.15-3.fc40
Fedora 40 Update: freerdp2-2.11.7-1.fc40
Fedora 40 Update: freerdp-3.5.1-1.fc40




Fedora 38 Update: freerdp-2.11.7-1.fc38


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-c702ea0fb1
2024-05-09 01:48:06.404533
--------------------------------------------------------------------------------

Name : freerdp
Product : Fedora 38
Version : 2.11.7
Release : 1.fc38
URL : http://www.freerdp.com/
Summary : Free implementation of the Remote Desktop Protocol (RDP)
Description :
The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP
project.

xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows
machines, xrdp and VirtualBox.

--------------------------------------------------------------------------------
Update Information:

Update to 2.11.7 (CVE-2024-32039, CVE-2024-32040, CVE-2024-32041,
CVE-2024-32458, CVE-2024-32459, CVE-2024-32460, CVE-2024-32658, CVE-2024-32659,
CVE-2024-32660, CVE-2024-32661, CVE-2024-32662)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 23 2024 Ondrej Holy [oholy@redhat.com] - 2:2.11.7-1
- Update to 2.11.7
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2276721 - CVE-2024-32459 freerdp: out-of-bounds read in ncrush_decompress
https://bugzilla.redhat.com/show_bug.cgi?id=2276721
[ 2 ] Bug #2276722 - CVE-2024-32460 freerdp: OutOfBound Read in interleaved_decompress
https://bugzilla.redhat.com/show_bug.cgi?id=2276722
[ 3 ] Bug #2276723 - CVE-2024-32039 freerdp: Integer overflow & OutOfBound Write in clear_decompress_residual_data
https://bugzilla.redhat.com/show_bug.cgi?id=2276723
[ 4 ] Bug #2276724 - CVE-2024-32040 freerdp: integer underflow in nsc_rle_decode
https://bugzilla.redhat.com/show_bug.cgi?id=2276724
[ 5 ] Bug #2276725 - CVE-2024-32041 freerdp: OutOfBound Read in zgfx_decompress_segment
https://bugzilla.redhat.com/show_bug.cgi?id=2276725
[ 6 ] Bug #2276726 - CVE-2024-32458 freerdp: OutOfBound Read in planar_skip_plane_rle
https://bugzilla.redhat.com/show_bug.cgi?id=2276726
[ 7 ] Bug #2276804 - CVE-2024-32662 freerdp: out-of-bounds read
https://bugzilla.redhat.com/show_bug.cgi?id=2276804
[ 8 ] Bug #2276961 - CVE-2024-32658 FreeRDP: ExtractRunLengthRegular* out of bound read
https://bugzilla.redhat.com/show_bug.cgi?id=2276961
[ 9 ] Bug #2276968 - CVE-2024-32660 freerdp: zgfx_decompress out of memory
https://bugzilla.redhat.com/show_bug.cgi?id=2276968
[ 10 ] Bug #2276970 - CVE-2024-32659 freerdp: freerdp_image_copy out of bound read
https://bugzilla.redhat.com/show_bug.cgi?id=2276970
[ 11 ] Bug #2276971 - CVE-2024-32661 freerdp: rdp_write_logon_info_v1 NULL access
https://bugzilla.redhat.com/show_bug.cgi?id=2276971
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-c702ea0fb1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 40 Update: pypy-7.3.15-3.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-612986fdfa
2024-05-09 01:38:47.479807
--------------------------------------------------------------------------------

Name : pypy
Product : Fedora 40
Version : 7.3.15
Release : 3.fc40
URL : https://www.pypy.org/
Summary : Python implementation with a Just-In-Time compiler
Description :
PyPy's implementation of Python, featuring a Just-In-Time compiler on some CPU
architectures, and various optimized implementations of the standard types
(strings, dictionaries, etc)

This build of PyPy has JIT-compilation enabled.

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-5752 (in the bundled pip).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 30 2024 Charalampos Stratakis [cstratak@redhat.com] - 7.3.15-3
- Security fix for CVE-2023-5752 for the bundled pip wheel
- Resolves: rhbz#2250771
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2250765 - CVE-2023-5752 pip: Mercurial configuration injectable in repo revision when installing via pip
https://bugzilla.redhat.com/show_bug.cgi?id=2250765
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-612986fdfa' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 40 Update: freerdp2-2.11.7-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-982a7184e0
2024-05-09 01:38:47.479723
--------------------------------------------------------------------------------

Name : freerdp2
Product : Fedora 40
Version : 2.11.7
Release : 1.fc40
URL : http://www.freerdp.com/
Summary : Free implementation of the Remote Desktop Protocol (RDP)
Description :
The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP
project.

xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows
machines, xrdp and VirtualBox.

--------------------------------------------------------------------------------
Update Information:

Update to 2.11.7 (CVE-2024-32039, CVE-2024-32040, CVE-2024-32041,
CVE-2024-32458, CVE-2024-32459, CVE-2024-32460, CVE-2024-32658, CVE-2024-32659,
CVE-2024-32660, CVE-2024-32661, CVE-2024-32662)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 23 2024 Ondrej Holy [oholy@redhat.com] - 2:2.11.7-1
- Update to 2.11.7
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2276721 - CVE-2024-32459 freerdp: out-of-bounds read in ncrush_decompress
https://bugzilla.redhat.com/show_bug.cgi?id=2276721
[ 2 ] Bug #2276722 - CVE-2024-32460 freerdp: OutOfBound Read in interleaved_decompress
https://bugzilla.redhat.com/show_bug.cgi?id=2276722
[ 3 ] Bug #2276723 - CVE-2024-32039 freerdp: Integer overflow & OutOfBound Write in clear_decompress_residual_data
https://bugzilla.redhat.com/show_bug.cgi?id=2276723
[ 4 ] Bug #2276724 - CVE-2024-32040 freerdp: integer underflow in nsc_rle_decode
https://bugzilla.redhat.com/show_bug.cgi?id=2276724
[ 5 ] Bug #2276725 - CVE-2024-32041 freerdp: OutOfBound Read in zgfx_decompress_segment
https://bugzilla.redhat.com/show_bug.cgi?id=2276725
[ 6 ] Bug #2276726 - CVE-2024-32458 freerdp: OutOfBound Read in planar_skip_plane_rle
https://bugzilla.redhat.com/show_bug.cgi?id=2276726
[ 7 ] Bug #2276804 - CVE-2024-32662 freerdp: out-of-bounds read
https://bugzilla.redhat.com/show_bug.cgi?id=2276804
[ 8 ] Bug #2276961 - CVE-2024-32658 FreeRDP: ExtractRunLengthRegular* out of bound read
https://bugzilla.redhat.com/show_bug.cgi?id=2276961
[ 9 ] Bug #2276968 - CVE-2024-32660 freerdp: zgfx_decompress out of memory
https://bugzilla.redhat.com/show_bug.cgi?id=2276968
[ 10 ] Bug #2276970 - CVE-2024-32659 freerdp: freerdp_image_copy out of bound read
https://bugzilla.redhat.com/show_bug.cgi?id=2276970
[ 11 ] Bug #2276971 - CVE-2024-32661 freerdp: rdp_write_logon_info_v1 NULL access
https://bugzilla.redhat.com/show_bug.cgi?id=2276971
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-982a7184e0' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--



Fedora 40 Update: freerdp-3.5.1-1.fc40


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-050266dc33
2024-05-09 01:38:47.479681
--------------------------------------------------------------------------------

Name : freerdp
Product : Fedora 40
Version : 3.5.1
Release : 1.fc40
URL : http://www.freerdp.com/
Summary : Free implementation of the Remote Desktop Protocol (RDP)
Description :
The xfreerdp & wlfreerdp Remote Desktop Protocol (RDP) clients from the FreeRDP
project.

xfreerdp & wlfreerdp can connect to RDP servers such as Microsoft Windows
machines, xrdp and VirtualBox.

--------------------------------------------------------------------------------
Update Information:

Update to 3.5.1 (CVE-2024-32039, CVE-2024-32040, CVE-2024-32041, CVE-2024-32458,
CVE-2024-32459, CVE-2024-32460, CVE-2024-32658, CVE-2024-32659, CVE-2024-32660,
CVE-2024-32661, CVE-2024-32662)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 23 2024 Ondrej Holy [oholy@redhat.com] - 2:3.5.1-1
- Update to 3.5.1
* Wed Apr 17 2024 Ondrej Holy [oholy@redhat.com] - 2:3.5.0-1
- Update to 3.5.0 (CVE-2024-32039, CVE-2024-32040, CVE-2024-32041,
CVE-2024-32458, CVE-2024-32459, CVE-2024-32460)
* Mon Mar 25 2024 Ondrej Holy [oholy@redhat.com] - 2:3.4.0-2
- Disable unwanted dependencies for RHEL
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2276721 - CVE-2024-32459 freerdp: out-of-bounds read in ncrush_decompress
https://bugzilla.redhat.com/show_bug.cgi?id=2276721
[ 2 ] Bug #2276722 - CVE-2024-32460 freerdp: OutOfBound Read in interleaved_decompress
https://bugzilla.redhat.com/show_bug.cgi?id=2276722
[ 3 ] Bug #2276723 - CVE-2024-32039 freerdp: Integer overflow & OutOfBound Write in clear_decompress_residual_data
https://bugzilla.redhat.com/show_bug.cgi?id=2276723
[ 4 ] Bug #2276724 - CVE-2024-32040 freerdp: integer underflow in nsc_rle_decode
https://bugzilla.redhat.com/show_bug.cgi?id=2276724
[ 5 ] Bug #2276725 - CVE-2024-32041 freerdp: OutOfBound Read in zgfx_decompress_segment
https://bugzilla.redhat.com/show_bug.cgi?id=2276725
[ 6 ] Bug #2276726 - CVE-2024-32458 freerdp: OutOfBound Read in planar_skip_plane_rle
https://bugzilla.redhat.com/show_bug.cgi?id=2276726
[ 7 ] Bug #2276804 - CVE-2024-32662 freerdp: out-of-bounds read
https://bugzilla.redhat.com/show_bug.cgi?id=2276804
[ 8 ] Bug #2276961 - CVE-2024-32658 FreeRDP: ExtractRunLengthRegular* out of bound read
https://bugzilla.redhat.com/show_bug.cgi?id=2276961
[ 9 ] Bug #2276968 - CVE-2024-32660 freerdp: zgfx_decompress out of memory
https://bugzilla.redhat.com/show_bug.cgi?id=2276968
[ 10 ] Bug #2276970 - CVE-2024-32659 freerdp: freerdp_image_copy out of bound read
https://bugzilla.redhat.com/show_bug.cgi?id=2276970
[ 11 ] Bug #2276971 - CVE-2024-32661 freerdp: rdp_write_logon_info_v1 NULL access
https://bugzilla.redhat.com/show_bug.cgi?id=2276971
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-050266dc33' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--