Release date:
2026-06-05 08:13:13 UTC
Description:
- CVE-2026-45700: fix out-of-bounds heap write in the RLE planar bitmap decoder; validate the destination X coordinate against the temp buffer stride (nTempStep) instead of the caller-provided destination stride (nDstStep)
- CVE-2026-44421: fix out-of-bounds heap write in gdi_CacheToSurface; copy only the validated, UINT16-clamped destination rectangle dimensions instead of the untruncated cache entry width/height
Updated packages:
-
freerdp-2.1.1-5.el7_9.tuxcare.els22.x86_64.rpm
sha:53b5fd2e4c9b73762af102be3b3138db693df57354666613472e7394e8a6d20e
-
freerdp-devel-2.1.1-5.el7_9.tuxcare.els22.i686.rpm
sha:4dabe342a14b17d06fede6f2900034655bbd050b22b13a554a2654666b87c997
-
freerdp-devel-2.1.1-5.el7_9.tuxcare.els22.x86_64.rpm
sha:f445f28d3400a7c1be6a029b468987d6f3c5ea843ddbbbf722234513d08af333
-
freerdp-libs-2.1.1-5.el7_9.tuxcare.els22.i686.rpm
sha:b6ad2201732dd9c665df13ff302316ebd8c94765f9792e3a85040fe9ef4a3842
-
freerdp-libs-2.1.1-5.el7_9.tuxcare.els22.x86_64.rpm
sha:a69fec8e4eb8fb08aaf288480e5850d1cb66ed7249da6396cbb34b28c007e21f
-
libwinpr-2.1.1-5.el7_9.tuxcare.els22.i686.rpm
sha:0d36779952f63e8a0c3186580995485b2ee97f5f3f9e976a3747c23b6f875e39
-
libwinpr-2.1.1-5.el7_9.tuxcare.els22.x86_64.rpm
sha:1f3bfbe0addb02c56262759f696120f9b7851a49d1972adce9928e7f3b11e75d
-
libwinpr-devel-2.1.1-5.el7_9.tuxcare.els22.i686.rpm
sha:e1b8335a0379aec479a3d4197aed7eae74298f06045be38477707e90ecb3350c
-
libwinpr-devel-2.1.1-5.el7_9.tuxcare.els22.x86_64.rpm
sha:509989db3dfb478afaeecbeba739f22d5ff35d11e5290b27c75fa0f16fe6e5bd
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
