Описание
Security update for xrdp
This update for xrdp fixes the following issues:
- CVE-2023-42822: Fixed unchecked access to font glyph info (bsc#1215803).
Список пакетов
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP3-SAPCAL-Azure
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP3-SAPCAL-EC2-HVM
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP3-SAPCAL-GCE
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP4-SAP
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP4-SAP-Azure
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP4-SAP-EC2
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP4-SAP-GCE
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP4-SAPCAL
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP4-SAPCAL-Azure
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP4-SAPCAL-EC2
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP4-SAPCAL-GCE
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP5-SAP-Azure-LI-BYOS
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP5-SAPCAL-Azure
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP5-SAPCAL-EC2
xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP5-SAPCAL-GCE
xrdp-0.9.13.1-150200.4.27.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
libpainter0-0.9.13.1-150200.4.27.1
librfxencode0-0.9.13.1-150200.4.27.1
xrdp-0.9.13.1-150200.4.27.1
xrdp-devel-0.9.13.1-150200.4.27.1
SUSE Linux Enterprise Module for Basesystem 15 SP5
libpainter0-0.9.13.1-150200.4.27.1
librfxencode0-0.9.13.1-150200.4.27.1
xrdp-0.9.13.1-150200.4.27.1
xrdp-devel-0.9.13.1-150200.4.27.1
openSUSE Leap 15.4
libpainter0-0.9.13.1-150200.4.27.1
librfxencode0-0.9.13.1-150200.4.27.1
xrdp-0.9.13.1-150200.4.27.1
xrdp-devel-0.9.13.1-150200.4.27.1
openSUSE Leap 15.5
libpainter0-0.9.13.1-150200.4.27.1
librfxencode0-0.9.13.1-150200.4.27.1
xrdp-0.9.13.1-150200.4.27.1
xrdp-devel-0.9.13.1-150200.4.27.1
Ссылки
- Link for SUSE-SU-2023:4577-1
- E-Mail link for SUSE-SU-2023:4577-1
- SUSE Security Ratings
- SUSE Bug 1215803
- SUSE CVE CVE-2023-42822 page
Описание
xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdp_painter.c is not bounds-checked . Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a potentially privileged process. On non-Debian platforms, xrdp tends to run as root. Potentially an out-of-bounds write can follow the out-of-bounds read. There is no denial-of-service impact, providing xrdp is running in forking mode. This issue has been addressed in release 0.9.23.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Затронутые продукты
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:xrdp-0.9.13.1-150200.4.27.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:xrdp-0.9.13.1-150200.4.27.1
Ссылки
- CVE-2023-42822
- SUSE Bug 1215803