USN-3845-1: FreeRDP vulnerabilities
12 December 2018
Several security issues were fixed in FreeRDP.
Releases
Packages
- freerdp - RDP client for Windows Terminal Services
- freerdp2 - RDP client for Windows Terminal Services
Details
Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A
malicious server could use this issue to cause FreeRDP to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only applies
to Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8784, CVE-2018-8785)
Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious server
could use this issue to cause FreeRDP to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2018-8786, CVE-2018-8787)
Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A
malicious server could use this issue to cause FreeRDP to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only applies
to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8788)
Eyal Itkin discovered FreeRDP incorrectly handled NTLM authentication. A
malicious server could use this issue to cause FreeRDP to crash, resulting in a
denial of service, or possibly execute arbitrary code. This issue only applies
to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8789)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10
-
libfreerdp-client2-2
-
2.0.0~git20180411.1.7a7b1802+dfsg1-2ubuntu0.1
-
libfreerdp2-2
-
2.0.0~git20180411.1.7a7b1802+dfsg1-2ubuntu0.1
Ubuntu 18.04
-
libfreerdp-client2-2
-
2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1
-
libfreerdp2-2
-
2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1
Ubuntu 16.04
Ubuntu 14.04
In general, a standard system update will make all the necessary changes.
Related notices
- USN-3845-2: libfreerdp-dev, freerdp-x11, libfreerdp-core1.1, freerdp, libfreerdp-crypto1.1, libfreerdp-rail1.1, libfreerdp-cache1.1, libfreerdp-common1.1.0, libfreerdp-plugins-standard, libwinpr-credui0.1, libwinpr-error0.1, libwinpr-sspi0.1, libwinpr-sspicli0.1, libfreerdp-codec1.1, libwinpr-input0.1, libwinpr-utils0.1, libwinpr-crt0.1, libwinpr-dev, libwinpr-pool0.1, libwinpr-winsock0.1, libwinpr-synch0.1, libwinpr-handle0.1, libwinpr-timezone0.1, libfreerdp-client1.1, libwinpr-file0.1, libwinpr-interlocked0.1, libwinpr-credentials0.1, libwinpr-crypto0.1, libwinpr-environment0.1, libwinpr-sysinfo0.1, libfreerdp-primitives1.1, libfreerdp-utils1.1, libwinpr-pipe0.1, libwinpr-rpc0.1, libxfreerdp-client1.1, libwinpr-registry0.1, libwinpr-asn1-0.1, libwinpr-io0.1, libwinpr-path0.1, libwinpr-bcrypt0.1, libwinpr-dsparse0.1, libfreerdp-locale1.1, libwinpr-thread0.1, libwinpr-library0.1, libwinpr-heap0.1, libfreerdp-gdi1.1, libwinpr-winhttp0.1