Stay Secure with the Latest Linux Advisories

security advisorydenial of serviceUbuntu

Ubuntu 25.10 xrdp Critical DoS Arbitrary Code Vuln USN-8476-1

Several security issues were fixed in xrdp.. ========================================================================== Ubuntu Security Notice USN-8476-1 June 25, 2026 xrdp vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in xrdp. Software Description: - xrdp: an open source RDP server Details: It was discovered that xrdp incorrectly handled bounds checking when processing user domain information during the connection sequence. An unauthenticated remote attacker could use this issue to cause xrdp to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-68670) It was discovered that xrdp did not correctly enforce the maximum number of login attempts configured by the MaxLoginRetry parameter. A remote attacker could use this issue to perform an unlimited number of login attempts. (CVE-2024-39917) It was discovered that xrdp did not perform bounds checking when accessing font glyphs. Since some of this data is controllable by the user, a remote attacker could use this issue to cause xrdp to read out of bounds. This issue only affected Ubuntu 24.04 LTS. (CVE-2023-42822) It was discovered that xrdp did not properly handle session establishment errors. A remote attacker could use this issue to bypass OS-level session restrictions enforced by PAM, such as the maximum number of concurrent sessions per user. This issue only affected Ubuntu 24.04 LTS. (CVE-2023-40184) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 xrdp 0.10.1-3.1+deb13u1build0.25.10.1 Ubuntu 24.04 LTS xrdp 0.9.24-4ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS xrdp 0.9.17-2ubuntu3+esm2 Available with Ubuntu Pro Ubuntu 20.04 LTS xrdp 0.9.12-1ubuntu0.1+esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS xorgxrdp 0.9.5-2ubuntu0.1~esm3 Available with Ubuntu Pro xrdp 0.9.5-2ubuntu0.1~esm3 Available with Ubuntu Pro xrdp-pulseaudio-installer 0.9.5-2ubuntu0.1~esm3 Available with Ubuntu Pro After a standard system update you need to restart xrdp to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8476-1 CVE-2023-40184, CVE-2023-42822, CVE-2024-39917, CVE-2025-68670 Package Information: https://launchpad.net/ubuntu/+source/xrdp/0.10.1-3.1+deb13u1build0.25.10.1 . Multiple security fixes for xrdp enhance protection against denial of service and session issues in Ubuntu. Keep systems secure!. xrdp security update, Ubuntu xrdp vulnerabilities, Denial of Service xrdp, security patches Ubuntu, xrdp session management. . Severity: Critical. LinuxSecurity.com Team

Jun 25, 2026 •Critical Ubuntu