
Fedora 42 xorgxrdp Critical Buffer Overflow CVE-2025-68670 Advisory

February 8, 2026
Crucial Fedora 42 xorgxrdp update addresses buffer overflow risk and enhances security. Learn how to upgrade now!

Summary

xorgxrdp is a set of X11 modules that make Xorg act as a backend for xrdp. Xorg with xorgxrdp is the most advanced xrdp backend with support for screen resizing and multiple monitors.

Update Information:

Release notes for xrdp v0.10.5 (2026/01/27)

Security fixes

- CVE-2025-68670: Improper bounds checking of domain string length leads to Stack-based Buffer Overflow

New features

- It is now possible to start the xrdp daemon entirely unprivileged from the service manager (#3599 #3603). If you do this certain restrictions will apply. See https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-root for details.
- TLS pre-master secrets can now be recorded for packet captures (#3617)
- Add a FuseRootReportMaxFree to work around 'no free space' issues with some file managers (#3639)
- Alternate shell names can now be passed to startwm.sh in an environment variable for more system management control (#3624 #3651)
- Updated Xorg paths in sesman.ini to include more recent distros (#3663)
- Add Slovenian keyboard (#3668 #3670)
- xrdpapi: Add a way to monitor connect/disconnect events (#3693)

Bug fixes

- Allow an empty X11 UTF8_STRING to be pasted to the clipboard (#3580 #35...

Change Log

* Thu Jan 29 2026 Bojan Smojver - 0.10.5-1
- Update to 0.10.5

* Sat Jan 17 2026 Fedora Release Engineering - 0.10.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

* Fri Jul 25 2025 Fedora Release Engineering - 0.10.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild

References


[ 1 ] Bug #1908387 - Windows with transparency show whatever is below
      https://bugzilla.redhat.com/show_bug.cgi?id=1908387
[ 2 ] Bug #2279775 - xrdp socketdir not cleaned up on package removal
      https://bugzilla.redhat.com/show_bug.cgi?id=2279775
[ 3 ] Bug #2322105 - AltGr on Spanish keyboards
      https://bugzilla.redhat.com/show_bug.cgi?id=2322105
[ 4 ] Bug #2323097 - Requesting clarification on the License of xrdp rpm.
      https://bugzilla.redhat.com/show_bug.cgi?id=2323097
[ 5 ] Bug #2433438 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via unauthenticated stack-based buffer overflow [epel-8]
      https://bugzilla.redhat.com/show_bug.cgi?id=2433438
[ 6 ] Bug #2433439 - CVE-2025-68670 xrdp: xrdp: Remote code execution via unauthenticated stack-based buffer overflow [epel-8]
      https://bugzilla.redhat.com/show_bug.cgi?id=2433439
[ 7 ] Bug #2433440 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via unauthenticat...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b409dad73e' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
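
To confirm the update landed across a set of Fedora 42 hosts, the following added example (not part of the advisory or of Fedora's tooling) flags any host whose xorgxrdp build is older than the fixed 0.10.5-1.fc42. The host names and inventory lines are constructed, and GNU `sort -V` is assumed as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Fixed build from this advisory (Version 0.10.5, Release 1.fc42).
FIXED_EVR="0.10.5-1.fc42"

# is_fixed INSTALLED_EVR -> exit status 0 if INSTALLED_EVR >= FIXED_EVR.
# `sort -V` compares numeric fields numerically, so 0.10.10 ranks above
# 0.10.5 (a plain string comparison would get that wrong). It is adequate
# for dotted versions like these, not for epochs or tilde pre-releases.
is_fixed() {
    lowest=$(printf '%s\n%s\n' "$FIXED_EVR" "$1" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_EVR" ]
}

# audit: reads "host package version-release" lines on stdin and prints
# only the hosts still running a build older than the fixed one.
audit() {
    while read -r host pkg evr; do
        [ -n "$evr" ] || continue
        if ! is_fixed "$evr"; then
            printf '%s %s %s\n' "$host" "$pkg" "$evr"
        fi
    done
}

# Constructed sample inventory (hypothetical hosts). On a real host the
# package/version pair can be collected with:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' xorgxrdp
sample_inventory() {
    cat <<'EOF'
rdp-gw-01 xorgxrdp 0.10.4-2.fc42
rdp-gw-02 xorgxrdp 0.10.5-1.fc42
rdp-gw-03 xorgxrdp 0.10.10-1.fc42
EOF
}

sample_inventory | audit
```

Hosts printed by `audit` still need `dnf upgrade --advisory FEDORA-2026-b409dad73e`.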

Severity: critical

Name: xorgxrdp
Product: Fedora 42
Version: 0.10.5
Release: 1.fc42
Summary: Implementation of xrdp backend as Xorg modules
