MGASA-2021-0016 - Updated xrdp packages fix security vulnerability

Publication date: 10 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0016.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-4044

Ashley Newson discovered that the XRDP sessions manager was susceptible to
denial of service. A local attacker can further take advantage of this flaw to
impersonate the XRDP sessions manager and capture any user credentials that are
submitted to XRDP, approve or reject arbitrary login credentials or to hijack
existing sessions for xorgxrdp sessions (CVE-2020-4044).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26931
- https://www.debian.org/security/2020/dsa-4737
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/7FYD6USHZXDI2EAZVGOVFMAE7ILP3SPL/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4044

SRPMS:
- 7/core/xrdp-0.9.10-1.1.mga7