
[SECURITY] [DLA 1203-1] xrdp security update




Package        : xrdp
Version        : 0.5.0-2+deb7u2
CVE ID         : CVE-2017-16927

The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager
in xrdp uses an untrusted integer as a write length, which allows local users
to cause a denial of service (buffer overflow and application crash) or
possibly have unspecified other impact via a crafted input stream.

For Debian 7 "Wheezy", this problem has been fixed in version
0.5.0-2+deb7u2.

We recommend that you upgrade your xrdp packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
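
The class of flaw described above, an attacker-supplied integer used directly as a copy length, is avoided by checking the length against both the destination size and the bytes actually received before copying. The following is an added example, not xrdp's source and not part of the original advisory; the `in_stream` type, the function names, the 16-bit big-endian length encoding and the sample messages are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical minimal input stream; not xrdp's own stream type. */
struct in_stream {
    const uint8_t *p;    /* next unread byte */
    const uint8_t *end;  /* one past the last received byte */
};

/* Read a field encoded as a 16-bit big-endian length followed by that many
 * bytes (encoding assumed for this example) into dst as a C string.
 * Returns 0 on success, -1 if the message is malformed. */
int read_lp_field(struct in_stream *s, char *dst, size_t dst_size)
{
    size_t len;
    if (dst_size == 0 || (size_t)(s->end - s->p) < 2)
        return -1;                      /* no room for the prefix itself */
    len = ((size_t)s->p[0] << 8) | s->p[1];
    s->p += 2;
    if (len >= dst_size)                /* must fit dst plus the terminator */
        return -1;
    if (len > (size_t)(s->end - s->p))  /* must not exceed bytes received */
        return -1;
    memcpy(dst, s->p, len);
    dst[len] = '\0';
    s->p += len;
    return 0;
}

/* Constructed sample messages, not captured traffic. */
const uint8_t MSG_OK[]       = { 0x00, 0x03, 'b', 'o', 'b' };
const uint8_t MSG_TOO_LONG[] = { 0x00, 0x09, 'a','a','a','a','a','a','a','a','a' };
const uint8_t MSG_SHORT[]    = { 0x00, 0x05, 'a', 'b' };  /* claims 5, has 2 */

int parse_user(const uint8_t *msg, size_t n, char *out, size_t out_size)
{
    struct in_stream s = { msg, msg + n };
    return read_lp_field(&s, out, out_size);
}

int main(void)
{
    char user[8];
    printf("ok=%d too_long=%d short=%d\n",
           parse_user(MSG_OK, sizeof MSG_OK, user, sizeof user),
           parse_user(MSG_TOO_LONG, sizeof MSG_TOO_LONG, user, sizeof user),
           parse_user(MSG_SHORT, sizeof MSG_SHORT, user, sizeof user));
    return 0;
}
```

Without the two length checks, the declared length alone would decide how many bytes `memcpy` writes into the fixed-size destination.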

