Updated xrdp packages fix security vulnerability
Publication date: 10 Jan 2021Modification date: 10 Jan 2021
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-4044
Description
Ashley Newson discovered that the XRDP sessions manager was susceptible to denial of service. A local attacker can further take advantage of this flaw to impersonate the XRDP sessions manager and capture any user credentials that are submitted to XRDP, approve or reject arbitrary login credentials or to hijack existing sessions for xorgxrdp sessions (CVE-2020-4044).
References
SRPMS
7/core
- xrdp-0.9.10-1.1.mga7