========================================================================== Ubuntu Security Notice USN-4379-1 June 01, 2020 freerdp2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 19.10 - Ubuntu 18.04 LTS Summary: Several security issues were fixed in FreeRDP. Software Description: - freerdp2: RDP client for Windows Terminal Services Details: It was discovered that FreeRDP incorrectly handled certain memory operations. A remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly exeucte arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: libfreerdp-client2-2 2.1.1+dfsg1-0ubuntu0.20.04.1 libfreerdp-server2-2 2.1.1+dfsg1-0ubuntu0.20.04.1 libfreerdp2-2 2.1.1+dfsg1-0ubuntu0.20.04.1 Ubuntu 19.10: libfreerdp-client2-2 2.1.1+dfsg1-0ubuntu0.19.10.1 libfreerdp-server2-2 2.1.1+dfsg1-0ubuntu0.19.10.1 libfreerdp2-2 2.1.1+dfsg1-0ubuntu0.19.10.1 Ubuntu 18.04 LTS: libfreerdp-client2-2 2.1.1+dfsg1-0ubuntu0.18.04.1 libfreerdp-server2-2 2.1.1+dfsg1-0ubuntu0.18.04.1 libfreerdp2-2 2.1.1+dfsg1-0ubuntu0.18.04.1 This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4379-1 CVE-2018-1000852, CVE-2019-17177, CVE-2020-11042, CVE-2020-11044, CVE-2020-11045, CVE-2020-11046, CVE-2020-11047, CVE-2020-11048, CVE-2020-11049, CVE-2020-11058, CVE-2020-11521, CVE-2020-11522, CVE-2020-11523, CVE-2020-11524, CVE-2020-11525, CVE-2020-11526, CVE-2020-13396, CVE-2020-13397, CVE-2020-13398 Package Information: https://launchpad.net/ubuntu/+source/freerdp2/2.1.1+dfsg1-0ubuntu0.20.04.1 https://launchpad.net/ubuntu/+source/freerdp2/2.1.1+dfsg1-0ubuntu0.19.10.1 https://launchpad.net/ubuntu/+source/freerdp2/2.1.1+dfsg1-0ubuntu0.18.04.1