Description
Security update for xrdp
This update for xrdp fixes the following issues:
- CVE-2024-39917: Enforce no login screen if require_credentials is set (bsc#1227769)
Package list
SUSE Linux Enterprise Module for Basesystem 15 SP6
libpainter0-0.9.13.1-150600.15.3.1
librfxencode0-0.9.13.1-150600.15.3.1
xrdp-0.9.13.1-150600.15.3.1
xrdp-devel-0.9.13.1-150600.15.3.1
openSUSE Leap 15.6
libpainter0-0.9.13.1-150600.15.3.1
librfxencode0-0.9.13.1-150600.15.3.1
xrdp-0.9.13.1-150600.15.3.1
xrdp-devel-0.9.13.1-150600.15.3.1
References
- Link for SUSE-SU-2025:0336-1
- E-Mail link for SUSE-SU-2025:0336-1
- SUSE Security Ratings
- SUSE Bug 1227769
- SUSE CVE CVE-2024-39917 page
Description
xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The maximum number of login attempts is supposed to be limited by the `MaxLoginRetry` configuration parameter in `/etc/xrdp/sesman.ini`, but this mechanism did not work effectively. As a result, xrdp allows an infinite number of login attempts.
Affected products
SUSE Linux Enterprise Module for Basesystem 15 SP6:libpainter0-0.9.13.1-150600.15.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:librfxencode0-0.9.13.1-150600.15.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:xrdp-0.9.13.1-150600.15.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:xrdp-devel-0.9.13.1-150600.15.3.1
References
- CVE-2024-39917
- SUSE Bug 1227769