Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Ubuntu 23.04 USN-6401-1 Critical FreeRDP Input Denial of Service

ubuntu
Calendar Grey October 4, 2023
Dist Ubuntu Esm H88
Debian Security Advisory DSA-4801-1 details essential patches for OpenSSL, impacting various Debian releases.
Several security issues were fixed in FreeRDP.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in FreeRDP. Software Description: - freerdp2: RDP client for Windows Terminal Services Details: It was discovered that FreeRDP did not properly manage certain inputs. A malicious server could use this issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly obtain sensitive information. (cve-2023-39350, cve-2023-39351,  CVE-2023-39353, CVE-2023-39354, CVE-2023-40181, CVE-2023-40188, CVE-2023-40589) It was discovered that FreeRDP did not properly manage certain inputs. A malicious server could use this issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly execute arbitrary code. (cve-2023-40186 CVE-2023-40567, CVE-2023-40569)

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu critical fix system update input issues freerdp

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04:   libfreerdp2-2                   2.10.0+dfsg1-1ubuntu0.2 Ubuntu 22.04 LTS:   libfreerdp2-2                   2.6.1+dfsg1-3ubuntu2.4   libwinpr2-2                     2.6.1+dfsg1-3ubuntu2.4   libwinpr2-dev                   2.6.1+dfsg1-3ubuntu2.4 Ubuntu 20.04 LTS:   libfreerdp2-2                   2.2.0+dfsg1-0ubuntu0.20.04.5   libwinpr2-2                     2.2.0+dfsg1-0ubuntu0.20.04.5   libwinpr2-dev                   2.2.0+dfsg1-0ubuntu0.20.04.5 Ubuntu 18.04 LTS (Available with Ubuntu Pro):   libfreerdp2-2 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1   libwinpr2-2 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1   libwinpr2-dev 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1 In general, a standard system update will make all the necessary changes.

References

 

  CVE-2023-39350, CVE-2023-39351, CVE-2023-39353, CVE-2023-39354,

  CVE-2023-40181, CVE-2023-40186, CVE-2023-40188, CVE-2023-40567,

  CVE-2023-40569, CVE-2023-40589

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6401-1

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu critical fix system update input issues freerdp

Package Information

https://launchpad.net/ubuntu/+source/freerdp2/2.10.0+dfsg1-1ubuntu0.2 https://launchpad.net/ubuntu/+source/freerdp2/2.6.1+dfsg1-3ubuntu2.4 https://launchpad.net/ubuntu/+source/freerdp2/2.2.0+dfsg1-0ubuntu0.20.04.5

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here