[CLSA-2026:1777663444] freerdp: Fix of 3 CVEs
Type: security
Severity: Important
Release date: 2026-05-05 21:09:06 UTC
Description:
- CVE-2026-33985: fix information leak in ClearCodec glyph index decode; validate nWidth*nHeight for overflow and update glyphEntry->count only after a successful realloc so subsequent reads cannot expose adjacent heap memory
- CVE-2022-39283: fix missing length check in /video channel data handler; verify the stream contains cbSample bytes before using Stream_Pointer(), preventing decode of uninitialized data past the received payload
- CVE-2022-39282: fix length handling in /parallel driver; zero-initialize the read buffer with calloc and return only the bytes actually read from the port, preventing leakage of uninitialized client memory to the server
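The pattern described for CVE-2026-33985 (check the width*height product for overflow, then change the recorded count only once the buffer has been grown) can be sketched as follows. This is an added illustration, not FreeRDP or TuxCare code; `glyph_entry`, `glyph_store` and `glyph_read` are hypothetical names and the sample pixels are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cache entry; field names are illustrative only. */
typedef struct {
    uint32_t *pixels; /* decoded glyph pixels */
    uint32_t count;   /* number of valid pixels held in 'pixels' */
} glyph_entry;

/* Store a width x height glyph taken from 'src' (src_count pixels received).
 * Returns 0 on success, -1 on rejection; on rejection 'e' is left unchanged. */
int glyph_store(glyph_entry *e, uint32_t width, uint32_t height,
                const uint32_t *src, size_t src_count)
{
    /* Reject empty glyphs and products that do not fit in 32 bits. */
    if (width == 0 || height == 0 || width > UINT32_MAX / height)
        return -1;
    uint32_t need = width * height;
    /* Reject byte sizes that overflow size_t and inputs shorter than claimed. */
    if (need > SIZE_MAX / sizeof(uint32_t) || src_count < need)
        return -1;
    if (need > e->count) {
        uint32_t *tmp = realloc(e->pixels, (size_t)need * sizeof(uint32_t));
        if (tmp == NULL)
            return -1; /* old pointer and old count are both still valid */
        e->pixels = tmp;
    }
    memcpy(e->pixels, src, (size_t)need * sizeof(uint32_t));
    e->count = need; /* updated only after the buffer is known to be big enough */
    return 0;
}

/* Copy a cached glyph out; the read length is bounded by the recorded count. */
int glyph_read(const glyph_entry *e, uint32_t *dst, size_t dst_count)
{
    if (e->pixels == NULL || dst_count < e->count)
        return -1;
    memcpy(dst, e->pixels, (size_t)e->count * sizeof(uint32_t));
    return 0;
}

int main(void)
{
    glyph_entry e = { 0 };
    uint32_t px[4] = { 1, 2, 3, 4 }; /* constructed sample pixels */
    int ok = glyph_store(&e, 2, 2, px, 4);
    int rejected = glyph_store(&e, 65536, 65536, px, 4); /* product overflows */
    printf("store=%d overflow=%d count=%u\n", ok, rejected, (unsigned)e.count);
    free(e.pixels);
    return 0;
}
```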
Updated packages:
  • freerdp-2.1.1-5.el7_9.tuxcare.els20.x86_64.rpm
    sha:b8992325298a5e687accb755b11e31d762e42ec8c60d6009bb3e0a71a46f35ad
  • freerdp-devel-2.1.1-5.el7_9.tuxcare.els20.i686.rpm
    sha:70ebe505309e5a1e802205ad01dbc3c4e5ef2c37885baa009c0d7fd0b62cce88
  • freerdp-devel-2.1.1-5.el7_9.tuxcare.els20.x86_64.rpm
    sha:e01b80c05b8859091ff04ef3f3312dfbcb79673532f73957f4969269761df245
  • freerdp-libs-2.1.1-5.el7_9.tuxcare.els20.i686.rpm
    sha:c62e1c8d6c84a9c72b377dc9989421a7a75e63ff8718b5abf3a7c1785e9fe38f
  • freerdp-libs-2.1.1-5.el7_9.tuxcare.els20.x86_64.rpm
    sha:71ab29780b7f627a9cc54e783b051ee4de310002129c3eac554ee0e20cf056e9
  • libwinpr-2.1.1-5.el7_9.tuxcare.els20.i686.rpm
    sha:d7aff45490ebb5ab4c4b4145262f95d8c31fa1b1794d2c4678de8af8453b1a72
  • libwinpr-2.1.1-5.el7_9.tuxcare.els20.x86_64.rpm
    sha:2e1c7ee1aefb8fd125924aa8d7f14d0d7cd01f435abbcc72ea1c7051096e8d4d
  • libwinpr-devel-2.1.1-5.el7_9.tuxcare.els20.i686.rpm
    sha:78454c8aa9adb3844e3aff2f4e5cec6043acff51d3451709da7166a84cfaf37e
  • libwinpr-devel-2.1.1-5.el7_9.tuxcare.els20.x86_64.rpm
    sha:f2a016fed5b11682774db12440be6a492f3d0dfad2e40a102d2656c3918c69a2
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.