Description
Security update for xrdp
This update for xrdp fixes the following issues:
- CVE-2023-40184: Fixed restriction bypass via improper session handling (bsc#1214805).
Package list
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP3-SAPCAL-Azure
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP3-SAPCAL-EC2-HVM
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP3-SAPCAL-GCE
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP4-SAP
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP4-SAP-Azure
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP4-SAP-EC2
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP4-SAP-GCE
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP4-SAPCAL
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP4-SAPCAL-Azure
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP4-SAPCAL-EC2
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP4-SAPCAL-GCE
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP5-SAPCAL-Azure
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP5-SAPCAL-EC2
xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP5-SAPCAL-GCE
xrdp-0.9.13.1-150200.4.24.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
libpainter0-0.9.13.1-150200.4.24.1
librfxencode0-0.9.13.1-150200.4.24.1
xrdp-0.9.13.1-150200.4.24.1
xrdp-devel-0.9.13.1-150200.4.24.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
libpainter0-0.9.13.1-150200.4.24.1
librfxencode0-0.9.13.1-150200.4.24.1
xrdp-0.9.13.1-150200.4.24.1
xrdp-devel-0.9.13.1-150200.4.24.1
SUSE Manager Proxy 4.2
libpainter0-0.9.13.1-150200.4.24.1
librfxencode0-0.9.13.1-150200.4.24.1
xrdp-0.9.13.1-150200.4.24.1
xrdp-devel-0.9.13.1-150200.4.24.1
SUSE Manager Server 4.2
libpainter0-0.9.13.1-150200.4.24.1
librfxencode0-0.9.13.1-150200.4.24.1
xrdp-0.9.13.1-150200.4.24.1
xrdp-devel-0.9.13.1-150200.4.24.1
openSUSE Leap 15.4
libpainter0-0.9.13.1-150200.4.24.1
librfxencode0-0.9.13.1-150200.4.24.1
xrdp-0.9.13.1-150200.4.24.1
xrdp-devel-0.9.13.1-150200.4.24.1
openSUSE Leap 15.5
libpainter0-0.9.13.1-150200.4.24.1
librfxencode0-0.9.13.1-150200.4.24.1
xrdp-0.9.13.1-150200.4.24.1
xrdp-devel-0.9.13.1-150200.4.24.1
References
- Link for SUSE-SU-2023:3830-1
- E-Mail link for SUSE-SU-2023:3830-1
- SUSE Security Ratings
- SUSE Bug 1214805
- SUSE CVE CVE-2023-40184 page
Description
xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23, improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return a non-zero value (1) on, e.g., a PAM error, which may result in session restrictions enforced by PAM, such as the maximum number of concurrent sessions per user (e.g. /etc/security/limits.conf), being bypassed. Users (administrators) who do not use PAM restrictions are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue.
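A simplified model of this bug class, added here as an illustration and not taken from xrdp's source: a caller that discards the non-zero result of the session step next to one that treats it as a refusal. `model_auth_start_session`, `struct user_state` and the limit of 2 are constructed stand-ins for the PAM-backed check.

```c
#include <stdio.h>

/* Constructed limit, standing in for a per-user cap enforced through PAM. */
#define MAX_SESSIONS_PER_USER 2

struct user_state {
    const char *name;
    int active_sessions;
};

/* Hypothetical stand-in for auth_start_session():
 * 0 = session opened, 1 = the PAM step refused (limit reached). */
static int model_auth_start_session(const struct user_state *u)
{
    return (u->active_sessions >= MAX_SESSIONS_PER_USER) ? 1 : 0;
}

/* Flawed pattern: the result is discarded, so a refusal from the
 * PAM step does not stop the session from being created. */
int start_session_unchecked(struct user_state *u)
{
    (void)model_auth_start_session(u);
    u->active_sessions++;
    return 1; /* session created */
}

/* Corrected pattern: any non-zero result aborts session creation. */
int start_session_checked(struct user_state *u)
{
    if (model_auth_start_session(u) != 0) {
        fprintf(stderr, "session refused for %s\n", u->name);
        return 0; /* no session created */
    }
    u->active_sessions++;
    return 1;
}

int main(void)
{
    struct user_state a = { "alice", 0 };
    struct user_state b = { "alice", 0 };
    for (int i = 0; i < 4; i++) {
        start_session_unchecked(&a);
        start_session_checked(&b);
    }
    printf("unchecked: %d sessions, checked: %d sessions (limit %d)\n",
           a.active_sessions, b.active_sessions, MAX_SESSIONS_PER_USER);
    return 0;
}
```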
Affected products
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:xrdp-0.9.13.1-150200.4.24.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:xrdp-0.9.13.1-150200.4.24.1
References
- CVE-2023-40184
- SUSE Bug 1214805