Описание
Security update for xrdp
This update for xrdp fixes the following issues:
- CVE-2022-23468: Fixed a buffer overflow in xrdp_login_wnd_create() (bsc#1206300).
- CVE-2022-23478: Fixed an out of bound write in xrdp_mm_trans_process_drdynvc_chan() (bsc#1206302).
- CVE-2022-23479: Fixed a buffer overflow in xrdp_mm_chan_data_in() (bsc#1206303).
- CVE-2022-23480: Fixed a buffer overflow in devredir_proc_client_devlist_announce_req() (bsc#1206306).
- CVE-2022-23481: Fixed an out of bound read in xrdp_caps_process_confirm_active() (bsc#1206307).
- CVE-2022-23482: Fixed an out of bound read in xrdp_sec_process_mcs_data_CS_CORE() (bsc#1206310).
- CVE-2022-23483: Fixed an out of bound read in libxrdp_send_to_channel() (bsc#1206311).
- CVE-2022-23484: Fixed a integer overflow in xrdp_mm_process_rail_update_window_text() (bsc#1206312).
- CVE-2022-23493: Fixed an out of bound read in xrdp_mm_trans_process_drdynvc_channel_close() (bsc#1206313).
Список пакетов
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP3-SAPCAL-Azure
Image SLES15-SP3-SAPCAL-EC2-HVM
Image SLES15-SP3-SAPCAL-GCE
Image SLES15-SP4-SAP
Image SLES15-SP4-SAP-Azure
Image SLES15-SP4-SAP-Azure-LI-BYOS
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
Image SLES15-SP4-SAP-Azure-VLI-BYOS
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP4-SAP-EC2
Image SLES15-SP4-SAP-GCE
Image SLES15-SP4-SAPCAL
Image SLES15-SP4-SAPCAL-Azure
Image SLES15-SP4-SAPCAL-EC2
Image SLES15-SP4-SAPCAL-GCE
Image SLES15-SP5-SAP-Azure
Image SLES15-SP5-SAP-Azure-LI-BYOS
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
Image SLES15-SP5-SAP-Azure-VLI-BYOS
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP5-SAP-EC2
Image SLES15-SP5-SAP-GCE
Image SLES15-SP5-SAPCAL-Azure
Image SLES15-SP5-SAPCAL-EC2
Image SLES15-SP5-SAPCAL-GCE
SUSE Enterprise Storage 7
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
SUSE Linux Enterprise Module for Basesystem 15 SP4
SUSE Linux Enterprise Real Time 15 SP3
SUSE Linux Enterprise Server 15 SP2-LTSS
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.1
SUSE Manager Server 4.2
openSUSE Leap 15.4
Ссылки
- Link for SUSE-SU-2023:0033-1
- E-Mail link for SUSE-SU-2023:0033-1
- SUSE Security Ratings
- SUSE Bug 1206300
- SUSE Bug 1206302
- SUSE Bug 1206303
- SUSE Bug 1206306
- SUSE Bug 1206307
- SUSE Bug 1206310
- SUSE Bug 1206311
- SUSE Bug 1206312
- SUSE Bug 1206313
- SUSE CVE CVE-2022-23468 page
- SUSE CVE CVE-2022-23478 page
- SUSE CVE CVE-2022-23479 page
- SUSE CVE CVE-2022-23480 page
- SUSE CVE CVE-2022-23481 page
- SUSE CVE CVE-2022-23482 page
- SUSE CVE CVE-2022-23483 page
- SUSE CVE CVE-2022-23484 page
Описание
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function. There are no known workarounds for this issue. Users are advised to upgrade.
Затронутые продукты
Ссылки
- CVE-2022-23468
- SUSE Bug 1206300
Описание
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known workarounds for this issue. Users are advised to upgrade.
Затронутые продукты
Ссылки
- CVE-2022-23478
- SUSE Bug 1206302
Описание
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in xrdp_mm_chan_data_in() function. There are no known workarounds for this issue. Users are advised to upgrade.
Затронутые продукты
Ссылки
- CVE-2022-23479
- SUSE Bug 1206303
Описание
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a buffer over flow in devredir_proc_client_devlist_announce_req() function. There are no known workarounds for this issue. Users are advised to upgrade.
Затронутые продукты
Ссылки
- CVE-2022-23480
- SUSE Bug 1206306
Описание
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_caps_process_confirm_active() function. There are no known workarounds for this issue. Users are advised to upgrade.
Затронутые продукты
Ссылки
- CVE-2022-23481
- SUSE Bug 1206307
Описание
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE() function. There are no known workarounds for this issue. Users are advised to upgrade.
Затронутые продукты
Ссылки
- CVE-2022-23482
- SUSE Bug 1206310
Описание
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade.
Затронутые продукты
Ссылки
- CVE-2022-23483
- SUSE Bug 1206311
Описание
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Integer Overflow in xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users are advised to upgrade.
Затронутые продукты
Ссылки
- CVE-2022-23484
- SUSE Bug 1206312
Описание
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Read in xrdp_mm_trans_process_drdynvc_channel_close() function. There are no known workarounds for this issue. Users are advised to upgrade.
Затронутые продукты
Ссылки
- CVE-2022-23493
- SUSE Bug 1206313