Updated xrdp packages fix security vulnerability
Publication date: 30 Sep 2023
Modification date: 30 Sep 2023
Type: security
Affected Mageia releases: 8, 9
CVE: CVE-2023-40184
Description
In versions prior to 0.9.23, improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return a non-zero (1) value on, e.g., a PAM error, which may result in session restrictions, such as the maximum number of concurrent sessions per user enforced by PAM (e.g. /etc/security/limits.conf), being bypassed. (CVE-2023-40184)
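An added example (not part of the advisory or of xrdp) for auditing hosts that ran a version before 0.9.23: it reads `maxlogins` rules in limits.conf syntax and flags users holding more concurrent sessions than their limit allows. The sample file, session list and group map are constructed, and the precedence used here (explicit user, then `@group`, then `*`) is a simplifying assumption.

```python
from collections import Counter

# Constructed sample input (not taken from any real host).
SAMPLE_LIMITS = """\
# <domain> <type> <item> <value>
*        hard  maxlogins  4
alice    hard  maxlogins  2
@kiosk   -     maxlogins  1
bob      soft  nofile     4096
"""
SAMPLE_SESSIONS = ["alice", "alice", "alice", "bob", "carol", "kiosk1", "kiosk1"]
SAMPLE_GROUPS = {"kiosk": {"kiosk1"}}  # group name -> members (assumed lookup)

def parse_maxlogins(text):
    """Return {domain: limit} for maxlogins rules in limits.conf syntax."""
    rules = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) != 4 or fields[2] != "maxlogins":
            continue
        domain, _type, _item, value = fields
        if value.isdigit():  # skip non-numeric values such as "unlimited"
            rules[domain] = int(value)
    return rules

def limit_for(user, rules, groups):
    """Assumed precedence: user rule, then strictest @group rule, then '*'."""
    if user in rules:
        return rules[user]
    group_limits = [rules["@" + g] for g, members in groups.items()
                    if user in members and "@" + g in rules]
    if group_limits:
        return min(group_limits)
    return rules.get("*")

def over_limit(sessions, rules, groups):
    """Return {user: (active, limit)} for users above their maxlogins limit."""
    findings = {}
    for user, active in Counter(sessions).items():
        limit = limit_for(user, rules, groups)
        if limit is not None and active > limit:
            findings[user] = (active, limit)
    return findings

if __name__ == "__main__":
    rules = parse_maxlogins(SAMPLE_LIMITS)
    hits = over_limit(SAMPLE_SESSIONS, rules, SAMPLE_GROUPS)
    for user, (active, limit) in hits.items():
        print(f"{user}: {active} sessions, maxlogins {limit}")
```

On a real host, the session list would come from the login accounting records and the group map from the system's group database; both are left as inputs here.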
SRPMS
9/core
- xrdp-0.9.23-1.mga9
8/core
- xrdp-0.9.23-1.mga8