stable

xrdp-0.9.23-1.el7

FEDORA-EPEL-2023-0640e2bbd1 created by bojan 10 months ago for Fedora EPEL 7

Release notes for xrdp v0.9.23 (2023/08/31)

General announcements

  • Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

Security fixes

  • CVE-2023-40184: Improper handling of session establishment errors allows bypassing OS-level session restrictions (Reported by @gafusss)

Bug fixes

  • Environment variables set by PAM modules are no longer restricted to around 250 characters (#2712)
  • X11 clipboard clients now no longer hang when requesting a clipboard format which isn't available (#2767)

New features

No new features in this release. Internal changes

  • Introduce release tarball generation script (#2703)
  • cppcheck version used for CI bumped to 2.11 (#2738)

Known issues

  • On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
  • xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

Logout Required
After installing this update it is required that you logout of your current user session and log back in to ensure the changes supplied by this update are applied properly.

This update has been submitted for testing by bojan.

10 months ago

This update's test gating status has been changed to 'ignored'.

10 months ago

This update has been pushed to testing.

10 months ago

This update has been submitted for stable by bodhi.

10 months ago

This update has been pushed to stable.

10 months ago

Please login to add feedback.

Metadata
Type
security
Severity
low
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
10 months ago
in testing
10 months ago
in stable
10 months ago
approved
10 months ago
BZ#2236307 CVE-2023-40184 xrdp: xdp: restriction bypass via improper session handling [fedora-all]
0
0
BZ#2236308 CVE-2023-40184 xrdp: xdp: restriction bypass via improper session handling [epel-all]
0
0

Automated Test Results