Description
Security update for xrdp
This update for xrdp fixes the following issues:
- CVE-2024-39917: Enforce no login screen if require_credentials is set (bsc#1227769)
Package list
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
xrdp-0.9.10-3.19.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
xrdp-0.9.10-3.19.1
SUSE Linux Enterprise Server 12 SP5-LTSS
xrdp-0.9.10-3.19.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
xrdp-0.9.10-3.19.1
References
- Link for SUSE-SU-2025:0335-1
- E-Mail link for SUSE-SU-2025:0335-1
- SUSE Security Ratings
- SUSE Bug 1227769
- SUSE CVE CVE-2024-39917 page
Description
xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The maximum number of login attempts is supposed to be limited by the configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism did not work effectively. As a result, xrdp allows an infinite number of login attempts.
Affected products
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production:xrdp-0.9.10-3.19.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production:xrdp-0.9.10-3.19.1
SUSE Linux Enterprise Server 12 SP5-LTSS:xrdp-0.9.10-3.19.1
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:xrdp-0.9.10-3.19.1
References
- CVE-2024-39917
- SUSE Bug 1227769