Description
Security update for xrdp
This update for xrdp fixes the following issues:
- CVE-2024-39917: Enforce no login screen if require_credentials is set (bsc#1227769)
Package list
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
xrdp-0.9.13.1-150200.4.33.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
xrdp-0.9.13.1-150200.4.33.1
SUSE Enterprise Storage 7.1
libpainter0-0.9.13.1-150200.4.33.1
librfxencode0-0.9.13.1-150200.4.33.1
xrdp-0.9.13.1-150200.4.33.1
xrdp-devel-0.9.13.1-150200.4.33.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
libpainter0-0.9.13.1-150200.4.33.1
librfxencode0-0.9.13.1-150200.4.33.1
xrdp-0.9.13.1-150200.4.33.1
xrdp-devel-0.9.13.1-150200.4.33.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
libpainter0-0.9.13.1-150200.4.33.1
librfxencode0-0.9.13.1-150200.4.33.1
xrdp-0.9.13.1-150200.4.33.1
xrdp-devel-0.9.13.1-150200.4.33.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
libpainter0-0.9.13.1-150200.4.33.1
librfxencode0-0.9.13.1-150200.4.33.1
xrdp-0.9.13.1-150200.4.33.1
xrdp-devel-0.9.13.1-150200.4.33.1
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
libpainter0-0.9.13.1-150200.4.33.1
librfxencode0-0.9.13.1-150200.4.33.1
xrdp-0.9.13.1-150200.4.33.1
xrdp-devel-0.9.13.1-150200.4.33.1
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
libpainter0-0.9.13.1-150200.4.33.1
librfxencode0-0.9.13.1-150200.4.33.1
xrdp-0.9.13.1-150200.4.33.1
xrdp-devel-0.9.13.1-150200.4.33.1
SUSE Linux Enterprise Server 15 SP3-LTSS
libpainter0-0.9.13.1-150200.4.33.1
librfxencode0-0.9.13.1-150200.4.33.1
xrdp-0.9.13.1-150200.4.33.1
xrdp-devel-0.9.13.1-150200.4.33.1
SUSE Linux Enterprise Server 15 SP4-LTSS
libpainter0-0.9.13.1-150200.4.33.1
librfxencode0-0.9.13.1-150200.4.33.1
xrdp-0.9.13.1-150200.4.33.1
xrdp-devel-0.9.13.1-150200.4.33.1
SUSE Linux Enterprise Server 15 SP5-LTSS
libpainter0-0.9.13.1-150200.4.33.1
librfxencode0-0.9.13.1-150200.4.33.1
xrdp-0.9.13.1-150200.4.33.1
xrdp-devel-0.9.13.1-150200.4.33.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
libpainter0-0.9.13.1-150200.4.33.1
librfxencode0-0.9.13.1-150200.4.33.1
xrdp-0.9.13.1-150200.4.33.1
xrdp-devel-0.9.13.1-150200.4.33.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
libpainter0-0.9.13.1-150200.4.33.1
librfxencode0-0.9.13.1-150200.4.33.1
xrdp-0.9.13.1-150200.4.33.1
xrdp-devel-0.9.13.1-150200.4.33.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
libpainter0-0.9.13.1-150200.4.33.1
librfxencode0-0.9.13.1-150200.4.33.1
xrdp-0.9.13.1-150200.4.33.1
xrdp-devel-0.9.13.1-150200.4.33.1
SUSE Manager Proxy 4.3
libpainter0-0.9.13.1-150200.4.33.1
librfxencode0-0.9.13.1-150200.4.33.1
xrdp-0.9.13.1-150200.4.33.1
xrdp-devel-0.9.13.1-150200.4.33.1
SUSE Manager Server 4.3
libpainter0-0.9.13.1-150200.4.33.1
librfxencode0-0.9.13.1-150200.4.33.1
xrdp-0.9.13.1-150200.4.33.1
xrdp-devel-0.9.13.1-150200.4.33.1
References
- Link for SUSE-SU-2025:0350-1
- E-Mail link for SUSE-SU-2025:0350-1
- SUSE Security Ratings
- SUSE Bug 1227769
- SUSE CVE CVE-2024-39917 page
Description
xrdp is an open source RDP server. xrdp versions prior to 0.10.0 have a vulnerability that allows attackers to make an infinite number of login attempts. The maximum number of login attempts is supposed to be limited by the configuration parameter `MaxLoginRetry` in `/etc/xrdp/sesman.ini`. However, this mechanism did not work effectively. As a result, xrdp allows an infinite number of login attempts.
Affected products
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:xrdp-0.9.13.1-150200.4.33.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:xrdp-0.9.13.1-150200.4.33.1
SUSE Enterprise Storage 7.1:libpainter0-0.9.13.1-150200.4.33.1
SUSE Enterprise Storage 7.1:librfxencode0-0.9.13.1-150200.4.33.1
References
- CVE-2024-39917
- SUSE Bug 1227769