Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 26 xrdp Security Advisory: Critical Updates and New Features

fedora
Calendar Grey April 13, 2017
Dist Fedora Esm H88
Fedora 26's xrdp now boasts significant security upgrades, featuring stronger encryption, a refined interface, improved performance, and better user access control
New upstream version of xorgxrdp and xrdp: New features in xrdp: - RemoteFX codec support is now enabled by default

Summary

xrdp provides a fully functional RDP server compatible with a wide range

of RDP clients, including FreeRDP and Microsoft RDP client.

New upstream version of xorgxrdp and xrdp: New features in xrdp: - RemoteFX

codec support is now enabled by default. - Bitmap updates support is now enabled

by default. - TLS ciphers suites and version is now logged. - Connected computer

name is now logged. - Switched to Xorg (xorgxrdp) as the default backend now. -Miscellaneous RemoteFX codec mode improvements. - Socket directory is

configurable at the compile time. Bugfixes in xrdp: - Parallels client for

MacOS / iOS can now connect (audio redirection must be disabled on client or

xrdp server though). - MS RDP client for iOS can now connect using TLS security

layer. - MS RDP client for Android can now connect to xrdp. - Large resolutions

(4K) can be used with RemoteFX graphics. - Multiple RemoteApps can be opened

throguh NeutrinoRDP proxy. - tls_ciphers in xrdp.ini is not limited to 63 chars

anymore, it's variable-length. - Fixed an issue where tls_ciphers were ignored

and rdp security layer could be used instead. - Kill disconnected sessions

feature is working with Xorg (xorgxrdp) backend. - Miscellaneous code cleanup

and memory issues fixes. Rebuild of xrdp requiring both xorgxrdp and tigervnc-minimal. VNC is still the default.

[ 1 ] Bug #1433959 - CVE-2017-6967 xrdp: Incorrect placement of auth_start_session() [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1433959

su -c 'dnf upgrade xrdp' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Topics%20covered

Topics Covered

security advisory Fedora security fix remote desktop xrdp

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 26
Version: 0.9.2
Release: 5.fc26
URL: http://www.xrdp.org/
Summary: Open source remote desktop protocol (RDP) server

Topics%20covered

Topics Covered

security advisory Fedora security fix remote desktop xrdp

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here