stable

xrdp-0.9.23-1.el7

FEDORA-EPEL-2023-0640e2bbd1 created by bojan a year ago for Fedora EPEL 7

Release notes for xrdp v0.9.23 (2023/08/31)

General announcements

  • Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

Security fixes

  • CVE-2023-40184: Improper handling of session establishment errors allows bypassing OS-level session restrictions (Reported by @gafusss)

Bug fixes

  • Environment variables set by PAM modules are no longer restricted to around 250 characters (#2712)
  • X11 clipboard clients no longer hang when requesting a clipboard format which isn't available (#2767)

New features

No new features in this release.

Internal changes

  • Introduce release tarball generation script (#2703)
  • cppcheck version used for CI bumped to 2.11 (#2738)

Known issues

  • On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
  • xrdp's login dialog is not moved to the center of the new resolution after an on-the-fly resolution change (#1867)

Logout Required
After installing this update, you must log out of your current user session and log back in to ensure the changes supplied by this update are applied properly.

This update has been submitted for testing by bojan.

a year ago

This update's test gating status has been changed to 'ignored'.

a year ago

This update has been pushed to testing.

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago


Metadata

  • Type: security
  • Severity: low
  • Karma: 0
  • Signed
  • Content Type: RPM
  • Test Gating

Autopush Settings

  • Unstable by Karma: -3
  • Stable by Karma: 3
  • Stable by Time: 7 days

Dates

  • submitted: a year ago
  • in testing: a year ago
  • in stable: a year ago
  • approved: a year ago

BZ#2236307 CVE-2023-40184 xrdp: xdp: restriction bypass via improper session handling [fedora-all]
BZ#2236308 CVE-2023-40184 xrdp: xdp: restriction bypass via improper session handling [epel-all]
