Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 530
Alerts This Week
Warning Icon 1 530

Ubuntu 18.10 and 18.04 LTS: USN-3845-2 Security Advisory for FreeRDP

ubuntu
Calendar Grey May 28, 2019
Dist Ubuntu Esm H88
Several FreeRDP security issues in Ubuntu addressed in this advisory. Updates include critical threats to services.
Several security issues were fixed in FreeRDP.

Summary

Several security issues were fixed in FreeRDP.

Software Description:

- freerdp: RDP client for Windows Terminal Services

Details:

USN-3845-1 fixed several vulnerabilities in FreeRDP. This update

provides the

corresponding update for Ubuntu 18.04 LTS and Ubuntu 18.10.

Original advisory details:

Eyal Itkin discovered FreeRDP incorrectly handled certain stream

encodings. A

malicious server could use this issue to cause FreeRDP to crash,

resulting in a

denial of service, or possibly execute arbitrary code. This issue only

applies

to Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8784, CVE-2018-8785)

Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A

malicious server

could use this issue to cause FreeRDP to crash, resulting in a denial

of

service, or possibly execute arbitrary code. (CVE-2018-8786, CVE-2018-8787)

Eyal Itkin discovered FreeRDP incorrectly handled certain stream

encodings. A

malicious server could use this issue t...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
  libfreerdp-client1.1            1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.10.1

Ubuntu 18.04 LTS:
  libfreerdp-client1.1            1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1

In general, a standard system update will make all the necessary
changes.

References

https://ubuntu.com/security/notices/USN-3845-2

https://ubuntu.com/security/notices/USN-3845-1

CVE-2018-8786, CVE-2018-8787, CVE-2018-8788, CVE-2018-8789

Severity
critical
Lowest
Low
Medium
High
Critical

May 28, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.