Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Fedora 38 xrdp Moderate: FEDORA-2023-b1d585e148 Session Bypass Issue

fedora
Calendar Grey September 10, 2023
Dist Fedora Esm H88
Fedora has released an xrdp update addressing a critical security vulnerability while enhancing remote desktop service robustness. Users are urged to update promptly.
Release notes for xrdp v0.9.23 (2023/08/31) General announcements - Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated

Summary

xrdp provides a fully functional RDP server compatible with a wide range

of RDP clients, including FreeRDP and Microsoft RDP client.

Update Information:

Release notes for xrdp v0.9.23 (2023/08/31) General announcements - Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible. Security fixes - CVE-2023-40184: Improper handling of session establishment errors allows bypassing OS-level session restrictions (Reported by @gafusss) Bug fixes - Environment variables set by PAM modules are no longer restricted to around 250 characters (#2712) - X11 clipboard clients now no longer hang when requesting a clipboard format which isn't available (#2767) New features No new features in this release. Internal changes - Introduce release tarball generation script (#2703) - cppcheck version used for CI bumped to 2.11 (#2738) Known issues - On-the-fly resolution change requires the Microsoft Store v...

Topics%20covered

Topics Covered

security advisory moderate Fedora bypass session handling xrdp CVE-2023-40184

Change Log

* Fri Sep 1 2023 Bojan Smojver - 1:0.9.23-1 - Update to 0.9.23 - CVE-2023-40184 * Sat Jul 22 2023 Fedora Release Engineering - 1:0.9.22.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Tue Jun 13 2023 Leigh Scott - 1:0.9.22.1-3 - Rebuild fo new imlib2

References


[ 1 ] Bug #2236307 - CVE-2023-40184 xrdp: xdp: restriction bypass via improper session handling [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2236307 [ 2 ] Bug #2236308 - CVE-2023-40184 xrdp: xdp: restriction bypass via improper session handling [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2236308

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-b1d585e148' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Name: xrdp
Product: Fedora 38
Version: 0.9.23
Release: 1.fc38
URL: http://www.xrdp.org/
Summary: Open source remote desktop protocol (RDP) server

Topics%20covered

Topics Covered

security advisory moderate Fedora bypass session handling xrdp CVE-2023-40184

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here