From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <6af4a195-d34d-b9bf-461e-2d76e58b5113@canonical.com>
Subject: [USN-3380-1] FreeRDP vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3380-1
August 07, 2017

freerdp vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in FreeRDP.
Software Description:
- freerdp: RDP client for Windows Terminal Services
Details:
It was discovered that FreeRDP incorrectly handled certain width and height values. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-0250)
It was discovered that FreeRDP incorrectly handled certain values in a Scope List. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2014-0791)
Tyler Bohan discovered that FreeRDP incorrectly handled certain length values. A malicious server could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-2834, CVE-2017-2835)
Tyler Bohan discovered that FreeRDP incorrectly handled certain packets. A malicious server could possibly use this issue to cause FreeRDP to crash, resulting in a denial of service. (CVE-2017-2836, CVE-2017-2837, CVE-2017-2838, CVE-2017-2839)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04:
  libfreerdp-client1.1 1.1.0~git20140921.1.440916e+dfsg1-10ubuntu1.1

Ubuntu 16.04 LTS:
  libfreerdp-client1.1 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2

Ubuntu 14.04 LTS:
  libfreerdp1 1.0.2-2ubuntu1.1
In general, a standard system update will make all the necessary changes.
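A fleet check against the fixed versions listed above, as an added example that is not part of the original notice. It implements Debian version ordering in Python (rather than calling dpkg) because the `~` and the numeric revisions in these version strings are misordered by plain string comparison; the host names and installed versions in INVENTORY are constructed sample data.

```python
import re
from itertools import zip_longest

# Fixed versions from the "Update instructions" section: release -> (package, version).
FIXED = {
    "17.04": ("libfreerdp-client1.1", "1.1.0~git20140921.1.440916e+dfsg1-10ubuntu1.1"),
    "16.04": ("libfreerdp-client1.1", "1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2"),
    "14.04": ("libfreerdp1", "1.0.2-2ubuntu1.1"),
}

def _weight(ch):
    # dpkg order: '~' sorts below everything (even end of string); letters before punctuation.
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _tokens(part):
    # (non-digit run, number) pairs; the trailing 0 weight marks the end of each run.
    return [([_weight(c) for c in text] + [0], int(num or 0))
            for text, num in re.findall(r"(\D*)(\d*)", part)]

def _cmp_part(a, b):
    for x, y in zip_longest(_tokens(a), _tokens(b), fillvalue=([0], 0)):
        if x != y:
            return -1 if x < y else 1
    return 0

def _split(version):
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def compare_versions(a, b):
    """Return -1, 0 or 1 following Debian version ordering (epoch, upstream, revision)."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea > eb) - (ea < eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, installed):
    return compare_versions(installed, FIXED[release][1]) >= 0

# Constructed inventory: (host, Ubuntu release, installed version of the package in FIXED).
INVENTORY = [
    ("ws-01", "16.04", "1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1"),
    ("ws-02", "16.04", "1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2"),
    ("ws-03", "14.04", "1.0.2-2ubuntu1"),
]

def unpatched_hosts(rows=INVENTORY):
    return [host for host, release, version in rows if not is_patched(release, version)]
```

On a single host, `dpkg --compare-versions` gives the same ordering.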
References:
  https://www.ubuntu.com/usn/usn-3380-1
  CVE-2014-0250, CVE-2014-0791, CVE-2017-2834, CVE-2017-2835,
  CVE-2017-2836, CVE-2017-2837, CVE-2017-2838, CVE-2017-2839
Package Information:
  https://launchpad.net/ubuntu/+source/freerdp/1.1.0~git20140921.1.440916e+dfsg1-10ubuntu1.1
  https://launchpad.net/ubuntu/+source/freerdp/1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2
  https://launchpad.net/ubuntu/+source/freerdp/1.0.2-2ubuntu1.1