
Fedora 43 xorgxrdp Important Stack Buffer Overflow 2026-febea89ac3

fedora
February 8, 2026
Security advisory for xorgxrdp on Fedora 43: an update rated important that fixes stack buffer overflow vulnerabilities.

Summary

xorgxrdp is a set of X11 modules that make Xorg act as a backend for xrdp. Xorg with xorgxrdp is the most advanced xrdp backend with support for screen resizing and multiple monitors.

Update Information:

Release notes for xrdp v0.10.5 (2026/01/27)

Security fixes
* CVE-2025-68670: Improper bounds checking of domain string length leads to Stack-based Buffer Overflow

New features
* It is now possible to start the xrdp daemon entirely unprivileged from the service manager (#3599 #3603). If you do this certain restrictions will apply. See https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-root for details.
* TLS pre-master secrets can now be recorded for packet captures (#3617)
* Add a FuseRootReportMaxFree to work around 'no free space' issues with some file managers (#3639)
* Alternate shell names can now be passed to startwm.sh in an environment variable for more system management control (#3624 #3651)
* Updated Xorg paths in sesman.ini to include more recent distros (#3663)
* Add Slovenian keyboard (#3668 #3670)
* xrdpapi: Add a way to monitor connect/disconnect events (#3693)

Bug fixes
* Allow an empty X11 UTF8_STRING to be pasted to the clipboard (#3580 #35...

Change Log

* Thu Jan 29 2026 Bojan Smojver - 0.10.5-1
- Update to 0.10.5
* Sat Jan 17 2026 Fedora Release Engineering - 0.10.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

References


[ 1 ] Bug #1908387 - Windows with transparency show whatever is below
      https://bugzilla.redhat.com/show_bug.cgi?id=1908387
[ 2 ] Bug #2279775 - xrdp socketdir not cleaned up on package removal
      https://bugzilla.redhat.com/show_bug.cgi?id=2279775
[ 3 ] Bug #2322105 - AltGr on Spanish keyboards
      https://bugzilla.redhat.com/show_bug.cgi?id=2322105
[ 4 ] Bug #2323097 - Requesting clarification on the License of xrdp rpm.
      https://bugzilla.redhat.com/show_bug.cgi?id=2323097
[ 5 ] Bug #2433438 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via unauthenticated stack-based buffer overflow [epel-8]
      https://bugzilla.redhat.com/show_bug.cgi?id=2433438
[ 6 ] Bug #2433439 - CVE-2025-68670 xrdp: xrdp: Remote code execution via unauthenticated stack-based buffer overflow [epel-8]
      https://bugzilla.redhat.com/show_bug.cgi?id=2433439
[ 7 ] Bug #2433440 - CVE-2025-68670 xorgxrdp: xrdp: Remote code execution via unauthenticat...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-febea89ac3' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
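
A post-update check for the instructions above, as an added example that is not part of the original advisory: it reports whether the installed xorgxrdp build is at or above the 0.10.5-1.fc43 release this advisory names. The function names are hypothetical, and `sort -V` is assumed to approximate RPM version ordering for plain numeric version-release strings (no epochs or tildes).

```bash
#!/usr/bin/env bash
# Added example: verify that xorgxrdp is at or above the build named in
# FEDORA-2026-febea89ac3. Helper names are hypothetical, not from the advisory.

FIXED_EVR="0.10.5-1.fc43"   # Version-Release listed in this advisory

# Return 0 if version-release $1 is >= $2 (default: FIXED_EVR).
# Assumption: GNU `sort -V` orders these strings the way RPM would; this holds
# for simple numeric version-release pairs but not for epochs or '~' suffixes.
evr_at_least() {
    local have="$1" want="${2:-$FIXED_EVR}" lowest
    lowest=$(printf '%s\n%s\n' "$have" "$want" | sort -V | head -n 1)
    [ "$lowest" = "$want" ]
}

# Print a one-line verdict for a package name and its installed version-release.
classify() {
    local pkg="$1" evr="$2"
    if [ -z "$evr" ]; then
        echo "$pkg: not installed"
    elif evr_at_least "$evr"; then
        echo "$pkg $evr: at or above fixed build"
    else
        echo "$pkg $evr: below fixed build, apply FEDORA-2026-febea89ac3"
    fi
}

# Query the local RPM database; an absent package yields an empty string.
check_host() {
    local evr
    evr=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' xorgxrdp 2>/dev/null) || evr=""
    classify xorgxrdp "$evr"
}

# Only touch the RPM database when explicitly asked to.
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

Run it with `--check` on each Fedora 43 host after applying the update; a "below fixed build" line means the advisory has not been applied there.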

Severity
important

Name: xorgxrdp
Product: Fedora 43
Version: 0.10.5
Release: 1.fc43
Summary: Implementation of xrdp backend as Xorg modules
