Ubuntu 3845-2: FreeRDP vulnerabilities

    Date: 28 May 2019
    Posted By: LinuxSecurity Advisories
    Several security issues were fixed in FreeRDP.
    ==========================================================================
    Ubuntu Security Notice USN-3845-2
    May 28, 2019
    
    freerdp vulnerabilities
    ==========================================================================
    
    A security issue affects these releases of Ubuntu and its derivatives:
    
    - Ubuntu 18.10
    - Ubuntu 18.04 LTS
    
    Summary:
    
    Several security issues were fixed in FreeRDP.
    
    Software Description:
    - freerdp: RDP client for Windows Terminal Services
    
    Details:
    
    USN-3845-1 fixed several vulnerabilities in FreeRDP. This update
    provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 18.10.
    
    Original advisory details:
    
     Eyal Itkin discovered FreeRDP incorrectly handled certain stream
     encodings. A malicious server could use this issue to cause FreeRDP to
     crash, resulting in a denial of service, or possibly execute arbitrary
     code. This issue only applies to Ubuntu 18.04 LTS and Ubuntu 18.10.
     (CVE-2018-8784, CVE-2018-8785)

     Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious
     server could use this issue to cause FreeRDP to crash, resulting in a
     denial of service, or possibly execute arbitrary code.
     (CVE-2018-8786, CVE-2018-8787)

     Eyal Itkin discovered FreeRDP incorrectly handled certain stream
     encodings. A malicious server could use this issue to cause FreeRDP to
     crash, resulting in a denial of service, or possibly execute arbitrary
     code. This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and
     Ubuntu 18.10. (CVE-2018-8788)

     Eyal Itkin discovered FreeRDP incorrectly handled NTLM authentication.
     A malicious server could use this issue to cause FreeRDP to crash,
     resulting in a denial of service, or possibly execute arbitrary code.
     This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and
     Ubuntu 18.10. (CVE-2018-8789)
    
    Update instructions:
    
    The problem can be corrected by updating your system to the following
    package versions:
    
    Ubuntu 18.10:
      libfreerdp-client1.1  1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.10.1
    
    Ubuntu 18.04 LTS:
      libfreerdp-client1.1  1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1
    
    In general, a standard system update will make all the necessary changes.
    
    References:
      https://usn.ubuntu.com/usn/usn-3845-2
      https://usn.ubuntu.com/usn/usn-3845-1
      CVE-2018-8786, CVE-2018-8787, CVE-2018-8788, CVE-2018-8789
    
    Package Information:
      
    https://launchpad.net/ubuntu/+source/freerdp/1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.10.1
      
    https://launchpad.net/ubuntu/+source/freerdp/1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1
    
