Описание
Security update for xrdp
This update for xrdp fixes the following issues:
- CVE-2022-23468: Fixed a buffer overflow in xrdp_login_wnd_create() (bsc#1206300).
- CVE-2022-23479: Fixed a buffer overflow in xrdp_mm_chan_data_in() (bsc#1206303).
- CVE-2022-23480: Fixed a buffer overflow in devredir_proc_client_devlist_announce_req() (bsc#1206306).
- CVE-2022-23481: Fixed an out of bound read in xrdp_caps_process_confirm_active() (bsc#1206307).
- CVE-2022-23482: Fixed an out of bound read in xrdp_sec_process_mcs_data_CS_CORE() (bsc#1206310).
- CVE-2022-23483: Fixed an out of bound read in libxrdp_send_to_channel() (bsc#1206311).
- CVE-2022-23484: Fixed a integer overflow in xrdp_mm_process_rail_update_window_text() (bsc#1206312).
Список пакетов
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
SUSE Enterprise Storage 6
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
SUSE Linux Enterprise Server 15 SP1-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP1
Ссылки
- Link for SUSE-SU-2023:0012-1
- E-Mail link for SUSE-SU-2023:0012-1
- SUSE Security Ratings
- SUSE Bug 1206300
- SUSE Bug 1206303
- SUSE Bug 1206306
- SUSE Bug 1206307
- SUSE Bug 1206310
- SUSE Bug 1206311
- SUSE Bug 1206312
- SUSE CVE CVE-2022-23468 page
- SUSE CVE CVE-2022-23479 page
- SUSE CVE CVE-2022-23480 page
- SUSE CVE CVE-2022-23481 page
- SUSE CVE CVE-2022-23482 page
- SUSE CVE CVE-2022-23483 page
- SUSE CVE CVE-2022-23484 page
Описание
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function. There are no known workarounds for this issue. Users are advised to upgrade.
Затронутые продукты
Ссылки
- CVE-2022-23468
- SUSE Bug 1206300
Описание
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_mm_chan_data_in() function. There are no known workarounds for this issue. Users are advised to upgrade.
Затронутые продукты
Ссылки
- CVE-2022-23479
- SUSE Bug 1206303
Описание
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in devredir_proc_client_devlist_announce_req() function. There are no known workarounds for this issue. Users are advised to upgrade.
Затронутые продукты
Ссылки
- CVE-2022-23480
- SUSE Bug 1206306
Описание
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_caps_process_confirm_active() function. There are no known workarounds for this issue. Users are advised to upgrade.
Затронутые продукты
Ссылки
- CVE-2022-23481
- SUSE Bug 1206307
Описание
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE() function. There are no known workarounds for this issue. Users are advised to upgrade.
Затронутые продукты
Ссылки
- CVE-2022-23482
- SUSE Bug 1206310
Описание
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade.
Затронутые продукты
Ссылки
- CVE-2022-23483
- SUSE Bug 1206311
Описание
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Integer Overflow in xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users are advised to upgrade.
Затронутые продукты
Ссылки
- CVE-2022-23484
- SUSE Bug 1206312