
Fedora 37: FEDORA-2023-40298f6951 Moderate: Improper Session Handling

September 10, 2023
The latest security patch for xrdp in Fedora 37 addresses critical session management vulnerabilities and phases out cross-host operations. Vital for all users.

Summary

xrdp provides a fully functional RDP server compatible with a wide range of RDP clients, including FreeRDP and Microsoft RDP client.

Update Information:

Release notes for xrdp v0.9.23 (2023/08/31)

General announcements
- Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

Security fixes
- CVE-2023-40184: Improper handling of session establishment errors allows bypassing OS-level session restrictions (Reported by @gafusss)

Bug fixes
- Environment variables set by PAM modules are no longer restricted to around 250 characters (#2712)
- X11 clipboard clients now no longer hang when requesting a clipboard format which isn't available (#2767)

New features
- No new features in this release.

Internal changes
- Introduce release tarball generation script (#2703)
- cppcheck version used for CI bumped to 2.11 (#2738)

Known issues
- On-the-fly resolution change requires the Microsoft Store v...

Change Log

* Fri Sep 1 2023 Bojan Smojver - 1:0.9.23-1
- Update to 0.9.23
- CVE-2023-40184

* Sat Jul 22 2023 Fedora Release Engineering - 1:0.9.22.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild

* Tue Jun 13 2023 Leigh Scott - 1:0.9.22.1-3
- Rebuild for new imlib2

References


[ 1 ] Bug #2236307 - CVE-2023-40184 xrdp: xdp: restriction bypass via improper session handling [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2236307 [ 2 ] Bug #2236308 - CVE-2023-40184 xrdp: xdp: restriction bypass via improper session handling [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2236308

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-40298f6951' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
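Before and after running the dnf command above, an administrator usually wants a quick, scriptable answer to "is the installed xrdp at or past the fixed build?". The following POSIX shell snippet is an added example, not part of the Fedora advisory or the xrdp project. It takes the fixed build from this page (epoch 1, version 0.9.23, release 1 for Fedora 37, as listed in the change log and the Release field) and compares an rpm-style EPOCH:VERSION-RELEASE string against it; the function names (vercmp, xrdp_is_fixed, check_installed_xrdp) and the sample strings at the bottom are my own constructions.

```shell
#!/bin/sh
# Fixed build per FEDORA-2023-40298f6951 (from the advisory: 1:0.9.23-1.fc37).
FIXED_EPOCH=1
FIXED_VERSION=0.9.23
FIXED_RELEASE=1

# vercmp A B: compare two dotted numeric version strings field by field.
# Prints -1 if A < B, 0 if equal, 1 if A > B. Missing fields count as 0.
vercmp() {
  a=$1; b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    ah=${a%%.*}; bh=${b%%.*}
    if [ "$a" = "$ah" ]; then a=; else a=${a#*.}; fi
    if [ "$b" = "$bh" ]; then b=; else b=${b#*.}; fi
    ah=${ah:-0}; bh=${bh:-0}
    if [ "$ah" -lt "$bh" ]; then printf '%s\n' -1; return 0; fi
    if [ "$ah" -gt "$bh" ]; then printf '%s\n' 1;  return 0; fi
  done
  printf '%s\n' 0
}

# xrdp_is_fixed NEVR: return 0 (true) when the given "EPOCH:VERSION-RELEASE"
# string is at or above the fixed build, 1 (false) otherwise.
# Accepts the "(none)" epoch that rpm prints for packages without one.
xrdp_is_fixed() {
  nevr=$1
  case $nevr in
    *:*) epoch=${nevr%%:*}; rest=${nevr#*:} ;;
    *)   epoch=0;           rest=$nevr ;;
  esac
  case $epoch in '(none)'|'') epoch=0 ;; esac
  ver=${rest%%-*}
  rel=${rest#*-}
  rel=${rel%%.*}          # "1.fc37" -> "1": drop the dist tag before comparing

  if [ "$epoch" -ne "$FIXED_EPOCH" ]; then
    if [ "$epoch" -gt "$FIXED_EPOCH" ]; then return 0; else return 1; fi
  fi
  c=$(vercmp "$ver" "$FIXED_VERSION")
  if [ "$c" -ne 0 ]; then
    if [ "$c" -gt 0 ]; then return 0; else return 1; fi
  fi
  if [ "$rel" -ge "$FIXED_RELEASE" ]; then return 0; else return 1; fi
}

# check_installed_xrdp: query the live rpm database on a Fedora host.
# Not called automatically below so the sample run works on any machine.
check_installed_xrdp() {
  if nevr=$(rpm -q --qf '%{EPOCH}:%{VERSION}-%{RELEASE}\n' xrdp 2>/dev/null); then
    if xrdp_is_fixed "$nevr"; then
      echo "xrdp $nevr: contains the CVE-2023-40184 fix"
    else
      echo "xrdp $nevr: VULNERABLE, run: dnf upgrade --advisory FEDORA-2023-40298f6951"
    fi
  else
    echo "xrdp is not installed"
  fi
}

# Constructed sample strings (not taken from a real host) to show the check.
for sample in "1:0.9.22.1-4.fc37" "1:0.9.23-1.fc37" "(none):0.9.23-1.fc37"; do
  if xrdp_is_fixed "$sample"; then
    echo "$sample: fixed"
  else
    echo "$sample: vulnerable"
  fi
done
```

Run check_installed_xrdp on the target host to test the real package; the epoch matters, since a hypothetical 0:0.9.23 build would sort below the advisory's 1:0.9.23-1 under rpm's ordering, which the function honours by comparing the epoch first.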

Severity
important

Name: xrdp
Product: Fedora 37
Version: 0.9.23
Release: 1.fc37
Summary: Open source remote desktop protocol (RDP) server
