Mageia 2021-0016: xrdp security update | LinuxSecurity.com
MGASA-2021-0016 - Updated xrdp packages fix security vulnerability

Publication date: 10 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0016.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-4044

Ashley Newson discovered that the XRDP sessions manager was susceptible to
denial of service. A local attacker can further take advantage of this flaw to
impersonate the XRDP sessions manager and capture any user credentials that are
submitted to XRDP, approve or reject arbitrary login credentials or to hijack
existing sessions for xorgxrdp sessions (CVE-2020-4044).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26931
- https://www.debian.org/security/2020/dsa-4737
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/7FYD6USHZXDI2EAZVGOVFMAE7ILP3SPL/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4044

SRPMS:
- 7/core/xrdp-0.9.10-1.1.mga7

Mageia 2021-0016: xrdp security update

Ashley Newson discovered that the XRDP sessions manager was susceptible to denial of service

Summary

Ashley Newson discovered that the XRDP sessions manager was susceptible to denial of service. A local attacker can further take advantage of this flaw to impersonate the XRDP sessions manager and capture any user credentials that are submitted to XRDP, approve or reject arbitrary login credentials or to hijack existing sessions for xorgxrdp sessions (CVE-2020-4044).

References

- https://bugs.mageia.org/show_bug.cgi?id=26931

- https://www.debian.org/security/2020/dsa-4737

- https://lists.fedoraproject.org/archives/list/[email protected]/thread/7FYD6USHZXDI2EAZVGOVFMAE7ILP3SPL/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4044

Resolution

MGASA-2021-0016 - Updated xrdp packages fix security vulnerability

SRPMS

- 7/core/xrdp-0.9.10-1.1.mga7

Severity
Publication date: 10 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0016.html
Type: security
CVE: CVE-2020-4044

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.