[SECURITY] [DLA 3375-1] xrdp security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3375-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Chris Lamb
March 31, 2023 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------
Package : xrdp
Version : 0.9.9-1+deb10u3
CVE IDs : CVE-2022-23480 CVE-2022-23481 CVE-2022-23482
Debian Bug : 1025879
It was discovered that there were a number of vulnerabilies in the
xrdp Remote Desktop Protocol (RDP) server:
* CVE-2022-23480: Prevent a series of potential buffer overflow
vulnerabilities in the devredir_proc_client_devlist_announce_req()
function.
* CVE-2022-23481: Fix an out-of-bounds read vulnerability in the
xrdp_caps_process_confirm_active() function.
* CVE-2022-23482: Fix an out-of-bounds read vulnerability in the
xrdp_sec_process_mcs_data_CS_CORE() function.
For Debian 10 buster, these problems have been fixed in version
0.9.9-1+deb10u3.
We recommend that you upgrade your xrdp packages.
For the detailed security status of xrdp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xrdp
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmQm1dsACgkQHpU+J9Qx
HljlcRAAtl6O9oCk8zzqPWgTC5H+I6/Ro+FW8UNEdLlVBa/tenj3TADFr30faeJZ
vhqUCFx0ncaZRkmnNvT8Tyhi56E/NSFF8qCag7bnq0QrOAF24Ao/0y34K/vMXbTd
P3xJnD8cbJws0TOwiKCUU5pRPxeRK+bZlvZy5TFs5VggU7p4u+obRZrsavgS0dbG
xW8MF4UFvAG1g+N34VExzY5T/t9vG/xJjnV662az+h/xSdDuCzup8RGpa1Kvh+5H
FmLZUY7J3DJTehKP2bp1kuOPEkYy2i6xB8AklqCpnh9QdR7ECo6VzH945tz4p9u4
qbEow4joMmtykvhMs+imOIf4AoOulpbi6EZnZ3fGO1zXjAH4EaSB+YCnG2VOnp1q
7LrOx0aQ1e5GA3EaEWrXaeh0zMc2c9L7xDA7D8lgHuV3RsqATp3KsOiEH6WF81rt
NugP87L4X802FudOi7Hzf23+ToMsX/ofzQl2NVHE9QI8fw85KhEWlz4OmXfAcXrR
9z5FSKb+bpL1hCYokB2tv7Ey8UAsZeE2RNUvPgpdLcZ8MOqtUXVexghSh9lPQ+js
N5lPBz2pu3OdtefIZU2bZfd5ZQLjI8gqfS9Y1TOXLrirh6kYgn0SjGiteQFKuod4
ym04jEuzJpicFqH03vgIYVN6EI2+/yUKdNKnZKQqSiIvDNIvu/8=
=uBP0
-----END PGP SIGNATURE-----
Reply to: