Headline
Debian Security Advisory 5502-1
Debian Linux Security Advisory 5502-1 - Multiple security vulnerabilities have been found in xrdp, a remote desktop protocol server. Buffer overflows and out-of-bound writes may cause a denial of service or other unspecified impact.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Debian Security Advisory DSA-5502-1 [email protected]
https://www.debian.org/security/ Markus Koschany
September 18, 2023 https://www.debian.org/security/faq
Package : xrdp
CVE ID : CVE-2022-23468 CVE-2022-23477 CVE-2022-23478 CVE-2022-23479
CVE-2022-23480 CVE-2022-23481 CVE-2022-23482 CVE-2022-23483
CVE-2022-23484 CVE-2022-23493
Debian Bug : 1025879
Multiple security vulnerabilities have been found in xrdp, a remote desktop
protocol server. Buffer overflows and out-of-bound writes may cause a denial of
service or other unspecified impact.
For the oldstable distribution (bullseye), these problems have been fixed
in version 0.9.21.1-1~deb11u1.
We recommend that you upgrade your xrdp packages.
For the detailed security status of xrdp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xrdp
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmUIwmtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeThjg/+LX307ih4HHt95scGu4iiL1/mARPsTNSKYNqcYMoyM1HlqNdxQ4jGqFaO
oUrP24gqx88hH20Xpr1zGe4YGS7IqlWOfo43CSyBiBE3yuCfbE4Qg+9LfF/nA3fC
BI150AL/i7O4uNXS/WZeoWfOHRahAUz0aMFi13/9iCJW+a+ckSjJCrlKtcHV7kSD
Vg80bHFNc7mdecTj3kqkq7IDOb2WQaXloE5WGUzstIt9EC3Y9zJ7UhGPA4K0iPP1
GlZaAIFro+fMPkgwXlqWtOcep9Ru5/gFzhZjK3q9m2g0YDpdru70hcyYw+Qjo5So
IbXfB97U8Bd1aGnxPaqK65WSx3U6ROBWOLJtDdeAWt6Y2oWyDM+c6MZbnAcQsV2C
7HkgEkjRAbzVwTioqOnk/XsSrDEEb7FqF0/AO5ZRsop0fYON2CXzuEBMnQf+jt4G
Ce+iY8C1ajO222atb+jh9B245NNsnJy4WG54hwUv6jbbRbzQGPeIAkkQ/tnieVrJ
CwCvXhEHobYmGnzBJ7zoTBK3U2MeALoQNdvuvzd50UTw1qbj1tfgtN+QZeJ2yS4P
cektvrQ0CKs2EZMmaUM69Ldb66D+9qgRipbh/AC648/6I2ivMO7MArg8bkoFI3t5
+jZD99bnwfBFuFTGpF8IaFhuuWHGHzm+5nvN77WErw0FMUxq0o0=WCQI
-----END PGP SIGNATURE-----
Related news
Ubuntu Security Notice 6474-1 - It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. It was discovered that xrdp improperly handled session establishment errors. An attacker could potentially use this issue to bypass the OS-level session restrictions by PAM.
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function. There are no known workarounds for this issue. Users are advised to upgrade.
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in audin_send_open() function. There are no known workarounds for this issue. Users are advised to upgrade.
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known workarounds for this issue. Users are advised to upgrade.
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_mm_chan_data_in() function. There are no known workarounds for this issue. Users are advised to upgrade.
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_caps_process_confirm_active() function. There are no known workarounds for this issue. Users are advised to upgrade.
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE() function. There are no known workarounds for this issue. Users are advised to upgrade.
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade.
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Integer Overflow in xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users are advised to upgrade.
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_mm_trans_process_drdynvc_channel_close() function. There are no known workarounds for this issue. Users are advised to upgrade.
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in devredir_proc_client_devlist_announce_req() function. There are no known workarounds for this issue. Users are advised to upgrade.