Alerts This Week
Warning Icon 1 1,109
Alerts This Week
Warning Icon 1 1,109

Ubuntu 23.04 USN-6401-1 Critical FreeRDP Input Denial of Service

ubuntu
Calendar Grey October 4, 2023
Dist Ubuntu Esm H88
Debian Security Advisory DSA-4801-1 details essential patches for OpenSSL, impacting various Debian releases.
Several security issues were fixed in FreeRDP.

Summary

Several security issues were fixed in FreeRDP.

Software Description:

- freerdp2: RDP client for Windows Terminal Services

Details:

It was discovered that FreeRDP did not properly manage certain inputs. A

malicious server could use this issue to cause FreeRDP clients to crash,

resulting in a denial of service, or possibly obtain sensitive

information. (cve-2023-39350, cve-2023-39351,  CVE-2023-39353,

CVE-2023-39354, CVE-2023-40181, CVE-2023-40188, CVE-2023-40589)

It was discovered that FreeRDP did not properly manage certain inputs. A

malicious server could use this issue to cause FreeRDP clients to crash,

resulting in a denial of service, or possibly execute arbitrary code.

(cve-2023-40186 CVE-2023-40567, CVE-2023-40569)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.04:
   libfreerdp2-2                   2.10.0+dfsg1-1ubuntu0.2

Ubuntu 22.04 LTS:
   libfreerdp2-2                   2.6.1+dfsg1-3ubuntu2.4
   libwinpr2-2                     2.6.1+dfsg1-3ubuntu2.4
   libwinpr2-dev                   2.6.1+dfsg1-3ubuntu2.4

Ubuntu 20.04 LTS:
   libfreerdp2-2                   2.2.0+dfsg1-0ubuntu0.20.04.5
   libwinpr2-2                     2.2.0+dfsg1-0ubuntu0.20.04.5
   libwinpr2-dev                   2.2.0+dfsg1-0ubuntu0.20.04.5

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   libfreerdp2-2 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1
   libwinpr2-2 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1
   libwinpr2-dev 2.2.0+dfsg1-0ubuntu0.18.04.4+esm1

In general, a standard system update will make all the necessary changes.

References

 

  CVE-2023-39350, CVE-2023-39351, CVE-2023-39353, CVE-2023-39354,

  CVE-2023-40181, CVE-2023-40186, CVE-2023-40188, CVE-2023-40567,

  CVE-2023-40569, CVE-2023-40589

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6401-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here