ESB-2018.3856 - [Win][Linux][Ubuntu][Mac] FreeRDP: Multiple vulnerabilities 2018-12-13



===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.3856
                          FreeRDP vulnerabilities
                             13 December 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           freerdp
                   freerdp2
Publisher:         Ubuntu
Operating System:  Ubuntu
                   Linux variants
                   Windows
                   Mac OS
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-8789 CVE-2018-8788 CVE-2018-8787
                   CVE-2018-8786 CVE-2018-8785 CVE-2018-8784

Original Bulletin: 
   http://www.ubuntu.com/usn/usn-3845-1

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Ubuntu. It is recommended that administrators 
         running freerdp or freerdp2 check for an updated version of the 
         software for their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

==========================================================================
Ubuntu Security Notice USN-3845-1
December 12, 2018

freerdp, freerdp2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its 
derivatives:

- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in FreeRDP.

Software Description:
- freerdp2: RDP client for Windows Terminal Services
- freerdp: RDP client for Windows Terminal Services

Details:

Eyal Itkin discovered FreeRDP incorrectly handled certain stream 
encodings.  A malicious server could use this issue to cause 
FreeRDP to crash, resulting in a denial of service, or possibly 
execute arbitrary code. This issue only applies to Ubuntu 18.04 
LTS and Ubuntu 18.10. (CVE-2018-8784, CVE-2018-8785)

Eyal Itkin discovered FreeRDP incorrectly handled bitmaps.  A 
malicious server could use this issue to cause FreeRDP to crash, 
resulting in a denial of service, or possibly execute arbitrary 
code. (CVE-2018-8786, CVE-2018-8787)

Eyal Itkin discovered FreeRDP incorrectly handled certain stream 
encodings.  A malicious server could use this issue to cause 
FreeRDP to crash, resulting in a denial of service, or possibly 
execute arbitrary code. This issue only applies to Ubuntu 16.04 
LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8788)

Eyal Itkin discovered FreeRDP incorrectly handled NTLM 
authentication.  A malicious server could use this issue to cause 
FreeRDP to crash, resulting in a denial of service, or possibly 
execute arbitrary code. This issue only applies to Ubuntu 16.04 
LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8789)

Update instructions:

The problem can be corrected by updating your system to the 
following package versions:

Ubuntu 18.10:
  libfreerdp-client2-2            2.0.0~git20180411.1.7a7b1802+dfsg1-2ubuntu0.1
  libfreerdp2-2                   2.0.0~git20180411.1.7a7b1802+dfsg1-2ubuntu0.1

Ubuntu 18.04 LTS:
  libfreerdp-client2-2            2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1
  libfreerdp2-2                   2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1

Ubuntu 16.04 LTS:
  libfreerdp-client1.1            1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3

Ubuntu 14.04 LTS:
  libfreerdp1                     1.0.2-2ubuntu1.2

In general, a standard system update will make all the necessary 
changes.
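As an added check that is not part of the USN or of the AusCERT bulletin, the following Python port of dpkg's version ordering compares installed FreeRDP package versions against the fixed versions listed above. The release/package table is copied from the notice; the `dpkg-query` lines it consumes are assumed to be collected by the caller, and those used for testing are constructed.

```python
import re
# Added example (not from the USN or AusCERT): a Python port of dpkg's version
# ordering, used to test installed FreeRDP packages against the bulletin's fixed
# versions (table copied from the bulletin; dpkg-query lines are constructed).
FIXED = {
    ("18.10", "libfreerdp2-2"): "2.0.0~git20180411.1.7a7b1802+dfsg1-2ubuntu0.1",
    ("18.10", "libfreerdp-client2-2"): "2.0.0~git20180411.1.7a7b1802+dfsg1-2ubuntu0.1",
    ("18.04", "libfreerdp2-2"): "2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1",
    ("18.04", "libfreerdp-client2-2"): "2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1",
    ("16.04", "libfreerdp-client1.1"): "1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3",
    ("14.04", "libfreerdp1"): "1.0.2-2ubuntu1.2",
}

def _order(c):
    # dpkg's order(): '~' sorts before everything, even the end of the string,
    # so the ~git snapshot versions above rank below a plain 2.0.0 release.
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else (-1 if c == "~" else ord(c) + 256)

def _verrevcmp(a, b):
    # Port of dpkg's verrevcmp(): compare alternating non-digit and numeric runs.
    i = j = 0
    while i < len(a) or j < len(b):
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac, bc = _order(a[i:i + 1]), _order(b[j:j + 1])  # "" once past the end
            if ac != bc:
                return ac - bc
            i, j = i + 1, j + 1
        na, nb = re.match(r"\d*", a[i:]).group(), re.match(r"\d*", b[j:]).group()
        i, j = i + len(na), j + len(nb)
        if int(na or 0) != int(nb or 0):
            return int(na or 0) - int(nb or 0)
    return 0

def compare_versions(a, b):
    # <0, 0 or >0 as `dpkg --compare-versions` orders a against b.
    def split(v):  # [epoch:]upstream[-revision]; the last '-' starts the revision
        epoch, up = v.split(":", 1) if ":" in v else ("0", v)
        up, rev = up.rsplit("-", 1) if "-" in up else (up, "")
        return int(epoch), up, rev
    (ea, ua, ra), (eb, ub, rb) = split(a), split(b)
    return (ea - eb) or _verrevcmp(ua, ub) or _verrevcmp(ra, rb)

def unpatched(release, dpkg_lines):
    # dpkg_lines: lines of  dpkg-query -W -f='${Package}\t${Version}\n'
    found = []  # (package, installed, fixed) for packages still below the fix
    for line in dpkg_lines:
        name, _, ver = line.strip().partition("\t")
        fixed = FIXED.get((release, name))
        if fixed and compare_versions(ver, fixed) < 0:
            found.append((name, ver, fixed))
    return found
```

Feed `unpatched()` the release string and the output of `dpkg-query -W -f='${Package}\t${Version}\n'` from the host; on a real Ubuntu system `dpkg --compare-versions` yields the same ordering and can be used to cross-check.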

References:
  https://usn.ubuntu.com/usn/usn-3845-1
  CVE-2018-8784, CVE-2018-8785, CVE-2018-8786, CVE-2018-8787, 
  CVE-2018-8788, CVE-2018-8789

Package Information:
  https://launchpad.net/ubuntu/+source/freerdp2/2.0.0~git20180411.1.7a7b1802+dfsg1-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/freerdp2/2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1
  https://launchpad.net/ubuntu/+source/freerdp/1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3
  https://launchpad.net/ubuntu/+source/freerdp/1.0.2-2ubuntu1.2

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
