Security: Insufficient permission check in xrdp
Name: Insufficient permission check in xrdp
ID: FEDORA-2023-5134642a68
Distribution: Fedora
Platforms: Fedora 39
Date: Sat, 16 September 2023, 10:48
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40184
Applications: xrdp


Fedora Update Notification
2023-09-15 18:36:13.240379

Name : xrdp
Product : Fedora 39
Version : 0.9.23
Release : 1.fc39
URL : http://www.xrdp.org/
Summary : Open source remote desktop protocol (RDP) server
Description :
xrdp provides a fully functional RDP server compatible with a wide range
of RDP clients, including FreeRDP and Microsoft RDP client.

Update Information:

Release notes for xrdp v0.9.23 (2023/08/31)

General announcements
- Running xrdp and xrdp-sesman on separate hosts is still supported by this
  release, but is now deprecated. This is not secure. A future v1.0 release
  will replace the TCP socket used between these processes with a Unix Domain
  Socket, and then cross-host running will not be possible.

Security fixes
- CVE-2023-40184: Improper handling of session establishment errors allows
  bypassing OS-level session restrictions (Reported by @gafusss)

Bug fixes
- Environment set by PAM modules are no longer restricted to around 250
  characters (#2712)
- X11 clipboard clients now no longer hang when requesting a clipboard format
  which isn't available (#2767)

New features
No new features in this

Internal changes
- Introduce release tarball generation script (#2703)
- cppcheck version used for CI bumped to 2.11 (#2738)

Known issues
- resolution change requires the Microsoft Store version of Remote Desktop
  client but sometimes crashes on connect (#1869)
- xrdp's login dialog is not at the center of the new resolution after
  on-the-fly resolution change happens

* Fri Sep 1 2023 Bojan Smojver <bojan@rexursive.com> - 1:0.9.23-1
- Update to 0.9.23
- CVE-2023-40184

[ 1 ] Bug #2236307 - CVE-2023-40184 xrdp: xdp: restriction bypass via
improper session handling [fedora-all]
[ 2 ] Bug #2236308 - CVE-2023-40184 xrdp: xdp: restriction bypass via
improper session handling [epel-all]

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-5134642a68' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at