What Are You Looking For?

Popular Tags

Sign Up
MGASA-2023-0002 - Updated xrdp packages fix security vulnerability

Publication date: 13 Jan 2023
URL: https://advisories.mageia.org/MGASA-2023-0002.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-23468,
     CVE-2022-23477,
     CVE-2022-23478,
     CVE-2022-23479,
     CVE-2022-23480,
     CVE-2022-23481,
     CVE-2022-23482,
     CVE-2022-23483,
     CVE-2022-23484

xrdp less than v0.9.21 contain a buffer over flow in
xrdp_login_wnd_create() function. (CVE-2022-23468)

xrdp less than v0.9.21 contain a buffer over flow in audin_send_open()
function. (CVE-2022-23477)

xrdp less than v0.9.21 contain a Out of Bound Write in
xrdp_mm_trans_process_drdynvc_channel_open() function. (CVE-2022-23478)

xrdp less than v0.9.21 contain a buffer over flow in
xrdp_mm_chan_data_in() function. (CVE-2022-23479)

xrdp less than v0.9.21 contain a buffer over flow in
devredir_proc_client_devlist_announce_req() function. (CVE-2022-23480)

xrdp less than v0.9.21 contain a Out of Bound Read in
xrdp_caps_process_confirm_active() function. (CVE-2022-23481)

xrdp less than v0.9.21 contain a Out of Bound Read in
xrdp_sec_process_mcs_data_CS_CORE() function. (CVE-2022-23482)

xrdp less than v0.9.21 contain a Out of Bound Read in
libxrdp_send_to_channel() function. (CVE-2022-23483)

xrdp less than v0.9.21 contain a Integer Overflow in
xrdp_mm_process_rail_update_window_text() function. (CVE-2022-23484)

xrdp less than v0.9.21 contain a Out of Bound Read in
xrdp_mm_trans_process_drdynvc_channel_close() function. (CVE-2022-23493)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31309
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/67CHZVOMSTH2Q7P3TYFUNZUA6J7ZYEBQ/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23468
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23477
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23478
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23479
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23480
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23481
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23482
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23483
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23484

SRPMS:
- 8/core/xrdp-0.9.21-1.mga8

Mageia 2023-0002: xrdp security update

xrdp less than v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function

Summary

xrdp less than v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function. (CVE-2022-23468)
xrdp less than v0.9.21 contain a buffer over flow in audin_send_open() function. (CVE-2022-23477)
xrdp less than v0.9.21 contain a Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open() function. (CVE-2022-23478)
xrdp less than v0.9.21 contain a buffer over flow in xrdp_mm_chan_data_in() function. (CVE-2022-23479)
xrdp less than v0.9.21 contain a buffer over flow in devredir_proc_client_devlist_announce_req() function. (CVE-2022-23480)
xrdp less than v0.9.21 contain a Out of Bound Read in xrdp_caps_process_confirm_active() function. (CVE-2022-23481)
xrdp less than v0.9.21 contain a Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE() function. (CVE-2022-23482)
xrdp less than v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function. (CVE-2022-23483)
xrdp less than v0.9.21 contain a Integer Overflow in xrdp_mm_process_rail_update_window_text() function. (CVE-2022-23484)
xrdp less than v0.9.21 contain a Out of Bound Read in xrdp_mm_trans_process_drdynvc_channel_close() function. (CVE-2022-23493)

References

- https://bugs.mageia.org/show_bug.cgi?id=31309

- https://lists.fedoraproject.org/archives/list/[email protected]/thread/67CHZVOMSTH2Q7P3TYFUNZUA6J7ZYEBQ/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23468

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23477

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23478

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23479

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23480

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23481

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23482

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23483

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23484

Resolution

MGASA-2023-0002 - Updated xrdp packages fix security vulnerability

SRPMS

- 8/core/xrdp-0.9.21-1.mga8

Severity
Publication date: 13 Jan 2023
URL: https://advisories.mageia.org/MGASA-2023-0002.html
Type: security
CVE: CVE-2022-23468, CVE-2022-23477, CVE-2022-23478, CVE-2022-23479, CVE-2022-23480, CVE-2022-23481, CVE-2022-23482, CVE-2022-23483, CVE-2022-23484

Related News

Mitigations for Critical c-ares DoS, Code Execution Bug Released

Sep 29, 2023

Ubuntu Core as an Immutable Linux Desktop Base

Jun 6, 2023

High-Severity ntfs-3g Buffer Overflow Vulns Fixed

Jun 1, 2023

Important runC Privilege Escalation Flaws Fixed

May 26, 2023

News

Advisories

HOWTOs

Features

Everything You Need to Know About Linux Proxy Servers
Simple Steps for Identifying & Troubleshooting a Kernel Panic
Linux Endpoint Detection and Response (EDR): A Crucial Part of a Successful Cybersecurity Strategy
Supercharging Linux: Tips & Tricks to Beat the Threat Landscape
LinuxSecurity.com Migrates to Joomla 4 and PHP 8: Our Experience & Key Takeaways

About Us

Powered By

Footer Logo

Feedback