{"id":"USN-3845-2","summary":"freerdp vulnerabilities","details":"USN-3845-1 fixed several vulnerabilities in FreeRDP. This update provides the\ncorresponding update for Ubuntu 18.04 LTS and Ubuntu 18.10.\n\nOriginal advisory details:\n\n Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings.  A\n malicious server could use this issue to cause FreeRDP to crash, resulting in a\n denial of service, or possibly execute arbitrary code. This issue only applies\n to Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8784, CVE-2018-8785)\n \n Eyal Itkin discovered FreeRDP incorrectly handled bitmaps.  A malicious server\n could use this issue to cause FreeRDP to crash, resulting in a denial of\n service, or possibly execute arbitrary code. (CVE-2018-8786, CVE-2018-8787)\n \n Eyal Itkin discovered FreeRDP incorrectly handled certain stream encodings.  A\n malicious server could use this issue to cause FreeRDP to crash, resulting in a\n denial of service, or possibly execute arbitrary code. This issue only applies\n to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8788)\n \n Eyal Itkin discovered FreeRDP incorrectly handled NTLM authentication.  A\n malicious server could use this issue to cause FreeRDP to crash, resulting in a\n denial of service, or possibly execute arbitrary code. This issue only applies\n to Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 18.10. (CVE-2018-8789)\n","modified":"2026-02-10T04:41:27Z","published":"2019-05-28T15:34:12Z","related":["UBUNTU-CVE-2018-8786","UBUNTU-CVE-2018-8787","UBUNTU-CVE-2018-8788","UBUNTU-CVE-2018-8789"],"upstream":["CVE-2018-8786","CVE-2018-8787","CVE-2018-8788","CVE-2018-8789","UBUNTU-CVE-2018-8786","UBUNTU-CVE-2018-8787","UBUNTU-CVE-2018-8788","UBUNTU-CVE-2018-8789"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3845-2"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-8786"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-8787"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-8788"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-8789"}],"affected":[{"package":{"name":"freerdp","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/freerdp@1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"}]}],"versions":["1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"freerdp-x11","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libfreerdp-cache1.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libfreerdp-client1.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libfreerdp-codec1.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libfreerdp-common1.1.0","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libfreerdp-core1.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libfreerdp-crypto1.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libfreerdp-dev","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libfreerdp-gdi1.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libfreerdp-locale1.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libfreerdp-plugins-standard","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libfreerdp-primitives1.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libfreerdp-rail1.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libfreerdp-utils1.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-asn1-0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-bcrypt0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-credentials0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-credui0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-crt0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-crypto0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-dev","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-dsparse0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-environment0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-error0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-file0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-handle0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-heap0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-input0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-interlocked0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-io0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-library0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-path0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-pipe0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-pool0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-registry0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-rpc0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-sspi0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-sspicli0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-synch0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-sysinfo0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-thread0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-timezone0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-utils0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-winhttp0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libwinpr-winsock0.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"},{"binary_name":"libxfreerdp-client1.1","binary_version":"1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2018-8786"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2018-8787"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2018-8788"},{"severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"type":"Ubuntu","score":"medium"}],"id":"CVE-2018-8789"}],"ecosystem":"Ubuntu:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3845-2.json"}}],"schema_version":"1.7.3"}