MGASA-2023-0002 - Updated xrdp packages fix security vulnerability

Publication date: 13 Jan 2023
URL: https://advisories.mageia.org/MGASA-2023-0002.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-23468, CVE-2022-23477, CVE-2022-23478, CVE-2022-23479, CVE-2022-23480, CVE-2022-23481, CVE-2022-23482, CVE-2022-23483, CVE-2022-23484

xrdp before v0.9.21 contains a buffer overflow in the xrdp_login_wnd_create() function. (CVE-2022-23468)
xrdp before v0.9.21 contains a buffer overflow in the audin_send_open() function. (CVE-2022-23477)
xrdp before v0.9.21 contains an out-of-bounds write in the xrdp_mm_trans_process_drdynvc_channel_open() function. (CVE-2022-23478)
xrdp before v0.9.21 contains a buffer overflow in the xrdp_mm_chan_data_in() function. (CVE-2022-23479)
xrdp before v0.9.21 contains a buffer overflow in the devredir_proc_client_devlist_announce_req() function. (CVE-2022-23480)
xrdp before v0.9.21 contains an out-of-bounds read in the xrdp_caps_process_confirm_active() function. (CVE-2022-23481)
xrdp before v0.9.21 contains an out-of-bounds read in the xrdp_sec_process_mcs_data_CS_CORE() function. (CVE-2022-23482)
xrdp before v0.9.21 contains an out-of-bounds read in the libxrdp_send_to_channel() function. (CVE-2022-23483)
xrdp before v0.9.21 contains an integer overflow in the xrdp_mm_process_rail_update_window_text() function. (CVE-2022-23484)
xrdp before v0.9.21 contains an out-of-bounds read in the xrdp_mm_trans_process_drdynvc_channel_close() function. (CVE-2022-23493)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31309
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/67CHZVOMSTH2Q7P3TYFUNZUA6J7ZYEBQ/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23468
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23477
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23478
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23479
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23480
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23481
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23482
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23483
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23484

SRPMS:
- 8/core/xrdp-0.9.21-1.mga8