Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 439
Alerts This Week
Warning Icon 1 439

Debian 10: DLA-3375-1 Critical: xrdp Buffer Overflow Fixes

debian lts
Calendar Grey March 31, 2023
Dist Debian Esm H88
Ubuntu announces ULA-8922-3 for xorg-server tackling essential memory leaks and enhanced display server safety.
It was discovered that there were a number of vulnerabilies in the xrdp Remote Desktop Protocol (RDP) server: * CVE-2022-23480: Prevent a series of potential buffer overflow

Summary

* CVE-2022-23480: Prevent a series of potential buffer overflow
vulnerabilities in the devredir_proc_client_devlist_announce_req()
function.

* CVE-2022-23481: Fix an out-of-bounds read vulnerability in the
xrdp_caps_process_confirm_active() function.

* CVE-2022-23482: Fix an out-of-bounds read vulnerability in the
xrdp_sec_process_mcs_data_CS_CORE() function.

For Debian 10 buster, these problems have been fixed in version
0.9.9-1+deb10u3.

We recommend that you upgrade your xrdp packages.

For the detailed security status of xrdp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/xrdp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



Severity
critical
Lowest
Low
Medium
High
Critical

Package: xrdp
Version: 0.9.9-1+deb10u3
Debian Bug: 1025879

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.