CVE-2018-8789 in Ubuntu

CVE-2018-8789

Priority

Description

FreeRDP prior to version 2.0.0-rc4 contains several Out-Of-Bounds Reads in
the NTLM Authentication module that results in a Denial of Service
(segfault).

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8789
https://github.com/FreeRDP/FreeRDP/commit/2ee663f39dc8dac3d9988e847db19b2d7e3ac8c6
https://usn.ubuntu.com/usn/usn-3845-1
https://usn.ubuntu.com/usn/usn-3845-2

Assigned-to

amurray

Notes

Package

Source: freerdp (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was not-affected [code not present])
Ubuntu 16.04 LTS (Xenial Xerus):	released (1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3)
Ubuntu 18.04 LTS (Bionic Beaver):	released (1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1)
Ubuntu 19.10 (Eoan Ermine):	DNE

Package

Source: freerdp2 (LP Ubuntu Debian)

Upstream:	released (2.0.0~git20181120.1.e21b72c95+dfsg1-1)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE
Ubuntu 14.04 ESM (Trusty Tahr):	DNE
Ubuntu 16.04 LTS (Xenial Xerus):	DNE
Ubuntu 18.04 LTS (Bionic Beaver):	released (2.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.1)
Ubuntu 19.10 (Eoan Ermine):	released (2.0.0~git20181120.1.e21b72c95+dfsg1-1)

More Information

Updated: 2020-03-18 22:53:35 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)