- Vulnerability/
- USN-3845-2
USN-3845-2: FreeRDP vulnerabilities
First published: Tue May 28 2019(Updated: )
USN-3845-1 fixed several vulnerabilities in FreeRDP. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 18.10. Original advisory details: Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8784, CVE-2018-8785) Eyal Itkin discovered FreeRDP incorrectly handled bitmaps. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-8786, CVE-2018-8787) Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8788) Eyal Itkin discovered FreeRDP incorrectly handled NTLM authentication. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applies to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8789)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libfreerdp-client1.1 | <1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.10.1 | 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.10.1 |
| Ubuntu OpenSSH Client | =18.10 | |
| All of | ||
| ubuntu/libfreerdp-client1.1 | <1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 | 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 |
| Ubuntu OpenSSH Client | =18.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2018-8786
- https://ubuntu.com/security/CVE-2018-8787
- https://ubuntu.com/security/CVE-2018-8788
- https://ubuntu.com/security/CVE-2018-8789
- https://ubuntu.com/security/notices/USN-3845-1
- https://launchpad.net/ubuntu/+source/freerdp/1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.10.1
- https://launchpad.net/ubuntu/+source/freerdp/1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1
- https://ubuntu.com/security/notices/USN-3845-2 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What vulnerabilities are addressed in USN-3845-2?
USN-3845-2 addresses vulnerabilities in FreeRDP that improperly handle certain stream encodings.
What is the severity of USN-3845-2?
The severity of the vulnerabilities fixed in USN-3845-2 is critical, as they allow exploitation by a malicious server.
How do I fix the vulnerabilities in USN-3845-2?
To fix the vulnerabilities in USN-3845-2, upgrade to libfreerdp-client1.1 version 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1 or 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.10.1 depending on your Ubuntu version.
Which versions of Ubuntu are affected by USN-3845-2?
USN-3845-2 affects Ubuntu versions 18.04 LTS and 18.10.
What is FreeRDP and why is it important to update as per USN-3845-2?
FreeRDP is an open-source implementation of the Microsoft RDP, and updating it as per USN-3845-2 is crucial to protect against potential exploitation from malicious servers.
- agent/severity
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/type
- agent/title
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu openssh client
- version/ubuntu openssh client/18.10
- version/ubuntu openssh client/18.04