[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 3375-1] xrdp security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3375-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
March 31, 2023                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : xrdp
Version        : 0.9.9-1+deb10u3
CVE IDs        : CVE-2022-23480 CVE-2022-23481 CVE-2022-23482
Debian Bug     : 1025879

It was discovered that there were a number of vulnerabilies in the
xrdp Remote Desktop Protocol (RDP) server:

* CVE-2022-23480: Prevent a series of potential buffer overflow
  vulnerabilities in the devredir_proc_client_devlist_announce_req()
  function.

* CVE-2022-23481: Fix an out-of-bounds read vulnerability in the
  xrdp_caps_process_confirm_active() function.

* CVE-2022-23482: Fix an out-of-bounds read vulnerability in the
  xrdp_sec_process_mcs_data_CS_CORE() function.

For Debian 10 buster, these problems have been fixed in version
0.9.9-1+deb10u3.

We recommend that you upgrade your xrdp packages.

For the detailed security status of xrdp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xrdp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmQm1dsACgkQHpU+J9Qx
HljlcRAAtl6O9oCk8zzqPWgTC5H+I6/Ro+FW8UNEdLlVBa/tenj3TADFr30faeJZ
vhqUCFx0ncaZRkmnNvT8Tyhi56E/NSFF8qCag7bnq0QrOAF24Ao/0y34K/vMXbTd
P3xJnD8cbJws0TOwiKCUU5pRPxeRK+bZlvZy5TFs5VggU7p4u+obRZrsavgS0dbG
xW8MF4UFvAG1g+N34VExzY5T/t9vG/xJjnV662az+h/xSdDuCzup8RGpa1Kvh+5H
FmLZUY7J3DJTehKP2bp1kuOPEkYy2i6xB8AklqCpnh9QdR7ECo6VzH945tz4p9u4
qbEow4joMmtykvhMs+imOIf4AoOulpbi6EZnZ3fGO1zXjAH4EaSB+YCnG2VOnp1q
7LrOx0aQ1e5GA3EaEWrXaeh0zMc2c9L7xDA7D8lgHuV3RsqATp3KsOiEH6WF81rt
NugP87L4X802FudOi7Hzf23+ToMsX/ofzQl2NVHE9QI8fw85KhEWlz4OmXfAcXrR
9z5FSKb+bpL1hCYokB2tv7Ey8UAsZeE2RNUvPgpdLcZ8MOqtUXVexghSh9lPQ+js
N5lPBz2pu3OdtefIZU2bZfd5ZQLjI8gqfS9Y1TOXLrirh6kYgn0SjGiteQFKuod4
ym04jEuzJpicFqH03vgIYVN6EI2+/yUKdNKnZKQqSiIvDNIvu/8=
=uBP0
-----END PGP SIGNATURE-----
Reply to: