Ubuntu 18.10 and 18.04 LTS: USN-3845-2 Security Advisory for FreeRDP
May 28, 2019
•
LinuxSecurity Advisories
1 - 2 min read
Several security issues were fixed in FreeRDP.
========================================================================Ubuntu Security Notice USN-3845-2 May 28, 2019 freerdp vulnerabilities ======================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.10 - Ubuntu 18.04 LTS Summary: Several security issues were fixed in FreeRDP. Software Description: - freerdp: RDP client for Windows Terminal Services Details: USN-3845-1 fixed several vulnerabilities in FreeRDP. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 18.10. Original advisory details: Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8784, CVE-2018-8785) Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-8786, CVE-2018-8787) Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8788) Eyal Itkin discovered FreeRDP incorrectly handled NTLM authentication. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8789) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: libfreerdp-client1.1 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.10.1 Ubuntu 18.04 LTS: libfreerdp-client1.1 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-3845-2 https://ubuntu.com/security/notices/USN-3845-1 CVE-2018-8786, CVE-2018-8787, CVE-2018-8788, CVE-2018-8789 Package Information: https://launchpad.net/ubuntu/+source/freerdp/1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.10.1 https://launchpad.net/ubuntu/+source/freerdp/1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1
PREVIOUS
NEXT
Ubuntu 18.10 and 18.04 LTS: USN-3845-2 Security Advisory for FreeRDP
ubuntu
May 28, 2019
Several security issues were fixed in FreeRDP.
Summary
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10: libfreerdp-client1.1 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.10.1 Ubuntu 18.04 LTS: libfreerdp-client1.1 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-3845-2
https://ubuntu.com/security/notices/USN-3845-1
CVE-2018-8786, CVE-2018-8787, CVE-2018-8788, CVE-2018-8789
Severity
critical
Lowest
Low
Medium
High
Critical
May 28, 2019
Package Information
https://launchpad.net/ubuntu/+source/freerdp/1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.10.1 https://launchpad.net/ubuntu/+source/freerdp/1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!