Ubuntu Security Notice 3380-1 - It was discovered that FreeRDP incorrectly handled certain width and height values. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. It was discovered that FreeRDP incorrectly handled certain values in a Scope List. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
==========================================================================
Ubuntu Security Notice USN-3380-1
August 07, 2017
freerdp vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in FreeRDP.

Software Description:
- freerdp: RDP client for Windows Terminal Services

Details:

It was discovered that FreeRDP incorrectly handled certain width and height
values. A malicious server could use this issue to cause FreeRDP to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only applied to Ubuntu 14.04 LTS. (CVE-2014-0250)

It was discovered that FreeRDP incorrectly handled certain values in a
Scope List. A malicious server could use this issue to cause FreeRDP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2014-0791)

Tyler Bohan discovered that FreeRDP incorrectly handled certain length
values. A malicious server could use this issue to cause FreeRDP to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2017-2834, CVE-2017-2835)

Tyler Bohan discovered that FreeRDP incorrectly handled certain packets. A
malicious server could possibly use this issue to cause FreeRDP to crash,
resulting in a denial of service. (CVE-2017-2836, CVE-2017-2837,
CVE-2017-2838, CVE-2017-2839)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  libfreerdp-client1.1 1.1.0~git20140921.1.440916e+dfsg1-10ubuntu1.1

Ubuntu 16.04 LTS:
  libfreerdp-client1.1 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2

Ubuntu 14.04 LTS:
  libfreerdp1 1.0.2-2ubuntu1.1

In general, a standard system update will make all the necessary changes.
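
An added example, not part of the Ubuntu notice: a pure-Python Debian version ordering for checking inventoried package versions against the fixed versions listed above. Plain string comparison misorders these versions (the "~git" snapshot marker, and "-10ubuntu1.1" against "-5ubuntu1.2"). The function names are the example's own, and the host names and installed versions in the sample inventory are constructed.

```python
import re

# Fixed versions copied from the "Update instructions" section of USN-3380-1.
FIXED = {
    "17.04": ("libfreerdp-client1.1", "1.1.0~git20140921.1.440916e+dfsg1-10ubuntu1.1"),
    "16.04": ("libfreerdp-client1.1", "1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2"),
    "14.04": ("libfreerdp1", "1.0.2-2ubuntu1.1"),
}

def _char_order(c):
    # Debian ordering in a non-digit run: '~' < end of run < letters < other characters.
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _part_key(part):
    # Alternating (non-digit run, digit run) pairs; the 0 appended to each run
    # stands for "end of run", so a '~' (-1) sorts below it.
    pairs = re.findall(r"([^0-9]*)([0-9]*)", part)
    return [([_char_order(c) for c in text] + [0], int(num or 0)) for text, num in pairs]

def deb_key(version):
    """Sort key for Debian version ordering: [epoch:]upstream[-revision]."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, "0"  # a missing revision compares equal to "0"
    return (int(epoch), _part_key(upstream), _part_key(revision))

def is_patched(release, installed_version):
    """True if installed_version is at or above the USN-3380-1 fix for release."""
    _package, fixed = FIXED[release]
    return deb_key(installed_version) >= deb_key(fixed)

if __name__ == "__main__":
    # Constructed inventory rows (host, release, installed version); not real data.
    inventory = [
        ("host-a", "17.04", "1.1.0~git20140921.1.440916e+dfsg1-10ubuntu1"),
        ("host-b", "16.04", "1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2"),
        ("host-c", "14.04", "1.0.2-2ubuntu1"),
    ]
    for host, release, installed in inventory:
        state = "patched" if is_patched(release, installed) else "NEEDS UPDATE"
        print(f"{host} {FIXED[release][0]} {installed}: {state}")
```

On a live Ubuntu host, `dpkg --compare-versions` performs the same ordering; the Python form is for checking exported inventory data offline.
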

References:
  https://www.ubuntu.com/usn/usn-3380-1
  CVE-2014-0250, CVE-2014-0791, CVE-2017-2834, CVE-2017-2835,
  CVE-2017-2836, CVE-2017-2837, CVE-2017-2838, CVE-2017-2839

Package Information:
  https://launchpad.net/ubuntu/+source/freerdp/1.1.0~git20140921.1.440916e+dfsg1-10ubuntu1.1
  https://launchpad.net/ubuntu/+source/freerdp/1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2
  https://launchpad.net/ubuntu/+source/freerdp/1.0.2-2ubuntu1.1