Updated xrdp packages fix security vulnerability
Publication date: 13 Jan 2023
Modification date: 13 Jan 2023
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-23468, CVE-2022-23477, CVE-2022-23478, CVE-2022-23479, CVE-2022-23480, CVE-2022-23481, CVE-2022-23482, CVE-2022-23483, CVE-2022-23484
Description
- xrdp versions before v0.9.21 contain a buffer overflow in the xrdp_login_wnd_create() function. (CVE-2022-23468)
- xrdp versions before v0.9.21 contain a buffer overflow in the audin_send_open() function. (CVE-2022-23477)
- xrdp versions before v0.9.21 contain an out-of-bounds write in the xrdp_mm_trans_process_drdynvc_channel_open() function. (CVE-2022-23478)
- xrdp versions before v0.9.21 contain a buffer overflow in the xrdp_mm_chan_data_in() function. (CVE-2022-23479)
- xrdp versions before v0.9.21 contain a buffer overflow in the devredir_proc_client_devlist_announce_req() function. (CVE-2022-23480)
- xrdp versions before v0.9.21 contain an out-of-bounds read in the xrdp_caps_process_confirm_active() function. (CVE-2022-23481)
- xrdp versions before v0.9.21 contain an out-of-bounds read in the xrdp_sec_process_mcs_data_CS_CORE() function. (CVE-2022-23482)
- xrdp versions before v0.9.21 contain an out-of-bounds read in the libxrdp_send_to_channel() function. (CVE-2022-23483)
- xrdp versions before v0.9.21 contain an integer overflow in the xrdp_mm_process_rail_update_window_text() function. (CVE-2022-23484)
- xrdp versions before v0.9.21 contain an out-of-bounds read in the xrdp_mm_trans_process_drdynvc_channel_close() function. (CVE-2022-23493)
References
- https://bugs.mageia.org/show_bug.cgi?id=31309
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/67CHZVOMSTH2Q7P3TYFUNZUA6J7ZYEBQ/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23468
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23477
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23478
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23479
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23480
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23481
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23482
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23483
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23484
SRPMS
8/core
- xrdp-0.9.21-1.mga8