Mageia 2021-0016: xrdp security update
Summary
Ashley Newson discovered that the XRDP sessions manager was susceptible to
denial of service. A local attacker can further take advantage of this flaw to
impersonate the XRDP sessions manager and capture any user credentials that are
submitted to XRDP, approve or reject arbitrary login credentials or to hijack
existing sessions for xorgxrdp sessions (CVE-2020-4044).
References
- https://bugs.mageia.org/show_bug.cgi?id=26931
- https://www.debian.org/security/2020/dsa-4737
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/7FYD6USHZXDI2EAZVGOVFMAE7ILP3SPL/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4044
Resolution
MGASA-2021-0016 - Updated xrdp packages fix security vulnerability
SRPMS
- 7/core/xrdp-0.9.10-1.1.mga7