Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 24: 2017-05e32fe278 Critical: xrdp Password Issue

fedora
Calendar Grey March 3, 2017
Dist Fedora Esm H88
This enhancement addresses vulnerabilities and modifies configuration in sesman.ini for xrdp on Fedora, improving RDP performance.
WARNING: Please note that this update comes with a slightly different syntax of sesman.ini file, so if you edited this file by hand, you may need to look at the .rpmnew file and me...

Summary

xrdp provides a fully functional RDP server compatible with a wide range

of RDP clients, including FreeRDP and Microsoft RDP client.

Update Information:

WARNING: Please note that this update comes with a slightly different syntax of sesman.ini file, so if you edited this file by hand, you may need to look at the .rpmnew file and merge any required changes by hand. This release also creates three files in /etc/xrdp directory if they don't already exist or are empty: - rsakeys.ini - cert.pem - key.pem Also note that in Fedora, the only backend that will really work is still Xvnc for now. New features - New xorgxrdp backend using existing Xorg with additional modules - Improvements to X11rdp backend - Support for IPv6 (disabled by default) - Initial support for RemoteFX Codec (disabled by default) - Support for TLS security layer (preferred over RDP layer if supported by the client) - Support for disabling deprecated SSLv3 protocol and for selecting custom cipher suites in xrdp.ini - Support for bidirectional fastpath (enabled in both directions by default) - Support clients that don't support drawing orders, such as MS RDP client...

Topics%20covered

Topics Covered

security advisory Fedora software fix password issue user authentication xrdp update RDP server

Change Log

References


[ 1 ] Bug #1404972 - CVE-2013-1430 xrdp: Cleartext password shown in file after logging into xrdp session [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1404972 [ 2 ] Bug #1404971 - CVE-2013-1430 xrdp: Cleartext password shown in file after logging into xrdp session [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1404971

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade xrdp' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: xrdp
Product: Fedora 24
Version: 0.9.1
Release: 5.fc24
URL: http://www.xrdp.org/
Summary: Open source remote desktop protocol (RDP) server

Topics%20covered

Topics Covered

security advisory Fedora software fix password issue user authentication xrdp update RDP server

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here