Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Mageia 9 MGASA-2023-0456 critical: xrdp buffer overflow vulnerability

mageia
Calendar Grey December 1, 2023
Dist Mageia Esm H88
Revised xrdp software in Mageia 9 addresses a significant security flaw that permits out-of-bounds access, affecting operational processes.
The updated packages fix a security vulnerability Access to the font glyphs in xrdp_painter.c is not bounds-checked

Summary

The updated packages fix a security vulnerability
Access to the font glyphs in xrdp_painter.c is not bounds-checked. Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a potentially privileged process. On non-Debian platforms, xrdp tends to run as root. Potentially an out-of-bounds write can follow the out-of-bounds read. There is no denial-of-service impact, providing xrdp is running in forking mode. (CVE-2023-42822)

References

- https://bugs.mageia.org/show_bug.cgi?id=32575

- https://lwn.net/Articles/952920/

- https://www.cve.org/CVERecord?id=CVE-2023-42822

Resolution

SRPMS

- 9/core/xrdp-0.9.23.1-1.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 01 Dec 2023
URL: https://advisories.mageia.org/MGASA-2023-0334.html
Type: security
CVE: CVE-2023-42822

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.