Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Preisgabe von Informationen in xrdp
Aktuelle Meldungen Distributionen
Name: Preisgabe von Informationen in xrdp
ID: FEDORA-2017-05e32fe278
Distribution: Fedora
Plattformen: Fedora 24
Datum: Fr, 3. März 2017, 07:20
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1430

Originalnachricht

Name        : xrdp
Product : Fedora 24
Version : 0.9.1
Release : 5.fc24
URL : http://www.xrdp.org/
Summary : Open source remote desktop protocol (RDP) server
Description :
xrdp provides a fully functional RDP server compatible with a wide range
of RDP clients, including FreeRDP and Microsoft RDP client.

-------------------------------------------------------------------------------
-
Update Information:

WARNING: Please note that this update comes with a slightly different syntax of
sesman.ini file, so if you edited this file by hand, you may need to look at
the
.rpmnew file and merge any required changes by hand. This release also creates
three files in /etc/xrdp directory if they don't already exist or are
empty: -
rsakeys.ini - cert.pem - key.pem Also note that in Fedora, the only backend
that will really work is still Xvnc for now. New features - New xorgxrdp
backend using existing Xorg with additional modules - Improvements to X11rdp
backend - Support for IPv6 (disabled by default) - Initial support for RemoteFX
Codec (disabled by default) - Support for TLS security layer (preferred over
RDP
layer if supported by the client) - Support for disabling deprecated SSLv3
protocol and for selecting custom cipher suites in xrdp.ini - Support for
bidirectional fastpath (enabled in both directions by default) - Support
clients
that don't support drawing orders, such as MS RDP client for Android,
ChromeRDP
(disabled by default) - More configurable login screen - Support for new
virtual
channels: - - rdpdr: device redirection - - rdpsnd: audio output - -
cliprdr:
clipboard - - xrdpvr: xrdp video redirection channel (can be used along with
NeutrinoRDP client) - Support for disabling virtual channels globally or by
session type - Allow to specify the path for backends (Xorg, X11rdp, Xvnc) -
Added files for systemd support - Multi-monitor support - xrdp-chansrv stroes
logs in ${XDG_DATA_HOME}/xrdp now Security fixes - User's password could
be
recovered from the Xvnc password file - X11 authentication was not used
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1404972 - CVE-2013-1430 xrdp: Cleartext password shown in file
after logging into xrdp session [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1404972
[ 2 ] Bug #1404971 - CVE-2013-1430 xrdp: Cleartext password shown in file
after logging into xrdp session [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1404971
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade xrdp' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung