USN-3845-2: FreeRDP vulnerabilities
28 May 2019
Several security issues were fixed in FreeRDP.
Releases
Packages
- freerdp - RDP client for Windows Terminal Services
Details
USN-3845-1 fixed several vulnerabilities in FreeRDP. This update provides the
corresponding update for Ubuntu 18.04 LTS and Ubuntu 18.10.
Original advisory details:
Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A
malicious server could use this issue to cause FreeRDP to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only applies
to Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8784, CVE-2018-8785)
Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious server
could use this issue to cause FreeRDP to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2018-8786, CVE-2018-8787)
Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A
malicious server could use this issue to cause FreeRDP to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only applies
to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8788)
Eyal Itkin discovered FreeRDP incorrectly handled NTLM authentication. A
malicious server could use this issue to cause FreeRDP to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only applies
to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8789)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10
Ubuntu 18.04
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-3845-1: libfreerdp-core1.1, libfreerdp-codec1.1, libwinpr-path0.1, libwinpr-bcrypt0.1, libwinpr-library0.1, libwinpr-input0.1, libfreerdp-shadow-subsystem2-2, libfreerdp1, libwinpr-registry0.1, libfreerdp-shadow2-2, libwinpr-winsock0.1, libfreerdp-locale1.1, freerdp2-x11, freerdp2-dev, libwinpr-credentials0.1, freerdp2-shadow-x11, libwinpr-pipe0.1, libwinpr-rpc0.1, libwinpr-interlocked0.1, libwinpr-file0.1, libfreerdp-client1.1, libwinpr-tools2-2, freerdp, libwinpr-thread0.1, libwinpr-winhttp0.1, libfreerdp-rail1.1, libwinpr-crypto0.1, libwinpr2-2, libwinpr-heap0.1, libwinpr-environment0.1, libwinpr2-dev, libfreerdp-dev, libuwac0-0, libwinpr-timezone0.1, libuwac0-dev, libwinpr-credui0.1, libwinpr-io0.1, freerdp2, libfreerdp-server2-2, libwinpr-sspi0.1, libfreerdp-gdi1.1, libfreerdp-crypto1.1, libwinpr-utils0.1, libwinpr-crt0.1, libfreerdp-common1.1.0, libfreerdp2-2, libfreerdp-plugins-standard, freerdp2-wayland, libwinpr-sspicli0.1, winpr-utils, libfreerdp-primitives1.1, freerdp-x11, libfreerdp-utils1.1, libwinpr-asn1-0.1, libwinpr-dsparse0.1, libwinpr-pool0.1, libwinpr-synch0.1, libwinpr-sysinfo0.1, libxfreerdp-client1.1, libfreerdp-client2-2, libwinpr-dev, libfreerdp-cache1.1, libwinpr-handle0.1, libwinpr-error0.1