Security Information / 2023 / Security Information -- DSA-5502-1 xrdp

Debian Security Advisory

DSA-5502-1 xrdp -- security update

Date Reported:

18 Sep 2023

Affected Packages:

xrdp

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 1025879.
In Mitre's CVE dictionary: CVE-2022-23468, CVE-2022-23477, CVE-2022-23478, CVE-2022-23479, CVE-2022-23480, CVE-2022-23481, CVE-2022-23482, CVE-2022-23483, CVE-2022-23484, CVE-2022-23493.

More information:

Multiple security vulnerabilities have been found in xrdp, a remote desktop protocol server. Buffer overflows and out-of-bound writes may cause a denial of service or other unspecified impact.

For the oldstable distribution (bullseye), these problems have been fixed in version 0.9.21.1-1~deb11u1.

We recommend that you upgrade your xrdp packages.

For the detailed security status of xrdp please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xrdp