PublicDateAtUSN: 2018-11-29
Candidate: CVE-2018-8789
PublicDate: 2018-11-29 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8789
 https://github.com/FreeRDP/FreeRDP/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6
 https://ubuntu.com/security/notices/USN-3845-1
 https://ubuntu.com/security/notices/USN-3845-2
Description:
 FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in
 the NTLM Authentication module that results in a Denial of Service
 (segfault).
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: amurray
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_freerdp2:
upstream_freerdp2: released (2.0.0~git20181120.1.e21b72c95+dfsg1-1)
precise/esm_freerdp2: DNE
trusty_freerdp2: DNE
trusty/esm_freerdp2: DNE
xenial_freerdp2: DNE
bionic_freerdp2: released (2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1)
cosmic_freerdp2: released (2.0.0~git20180411.1.7a7b1802+dfsg1-2ubuntu0.1)
disco_freerdp2: released (2.0.0~git20181120.1.e21b72c95+dfsg1-1)
devel_freerdp2: released (2.0.0~git20181120.1.e21b72c95+dfsg1-1)

Patches_freerdp:
upstream_freerdp: needs-triage
precise/esm_freerdp: DNE
trusty_freerdp: not-affected (code not present)
trusty/esm_freerdp: DNE (trusty was not-affected [code not present])
xenial_freerdp: released (1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3)
esm-infra/xenial_freerdp: released (1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3)
bionic_freerdp: released (1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1)
cosmic_freerdp: released (1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.10.1)
disco_freerdp: DNE
devel_freerdp: DNE