USN-6474-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-6474-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6474-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-6474-1

Related

Published

2023-11-08T13:47:00.462142Z

Modified

2023-11-08T13:47:00.462142Z

Summary

xrdp vulnerabilities

Details

It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. (CVE-2022-23479, CVE-2022-23481, CVE-2022-23483, CVE-2023-42822)

It was discovered that xrdp improperly handled session establishment errors. An attacker could potentially use this issue to bypass the OS-level session restrictions by PAM. (CVE-2023-40184)

It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds writes. An attacker could possibly use this issue to cause memory corruption or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23468)

It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23480, CVE-2022-23482, CVE-2022-23484)

It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23477, CVE-2022-23493)

It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-23613)

References

Affected packages

Ubuntu:Pro:14.04:LTS / xrdp

Package

Name: xrdp
Purl: pkg:deb/ubuntu/xrdp?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.6.0-1ubuntu0.1+esm3

Affected versions

0.*

0.6.0-1

0.6.0-1ubuntu0.1

0.6.0-1ubuntu0.1+esm1

0.6.0-1ubuntu0.1+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "0.6.0-1ubuntu0.1+esm3",
            "binary_name": "xrdp"
        },
        {
            "binary_version": "0.6.0-1ubuntu0.1+esm3",
            "binary_name": "xrdp-dbgsym"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / xrdp

Package

Name: xrdp
Purl: pkg:deb/ubuntu/xrdp?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.6.1-2ubuntu0.3+esm3

Affected versions

0.*

0.6.1-2

0.6.1-2ubuntu0.1

0.6.1-2ubuntu0.3

0.6.1-2ubuntu0.3+esm1

0.6.1-2ubuntu0.3+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "0.6.1-2ubuntu0.3+esm3",
            "binary_name": "xrdp"
        },
        {
            "binary_version": "0.6.1-2ubuntu0.3+esm3",
            "binary_name": "xrdp-dbgsym"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / xrdp

Package

Name: xrdp
Purl: pkg:deb/ubuntu/xrdp?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.5-2ubuntu0.1~esm2

Affected versions

0.*

0.9.1-9

0.9.4-1

0.9.4-2

0.9.4-3

0.9.4-4

0.9.4-5

0.9.5-1

0.9.5-1build1

0.9.5-2

0.9.5-2ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "0.9.5-2ubuntu0.1~esm2",
            "binary_name": "xorgxrdp"
        },
        {
            "binary_version": "0.9.5-2ubuntu0.1~esm2",
            "binary_name": "xorgxrdp-dbgsym"
        },
        {
            "binary_version": "0.9.5-2ubuntu0.1~esm2",
            "binary_name": "xrdp"
        },
        {
            "binary_version": "0.9.5-2ubuntu0.1~esm2",
            "binary_name": "xrdp-dbgsym"
        },
        {
            "binary_version": "0.9.5-2ubuntu0.1~esm2",
            "binary_name": "xrdp-pulseaudio-installer"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / xrdp

Package

Name: xrdp
Purl: pkg:deb/ubuntu/xrdp?arch=src?distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.12-1ubuntu0.1+esm1

Affected versions

0.*

0.9.9-1

0.9.12-1

0.9.12-1ubuntu0.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "0.9.12-1ubuntu0.1+esm1",
            "binary_name": "xrdp"
        },
        {
            "binary_version": "0.9.12-1ubuntu0.1+esm1",
            "binary_name": "xrdp-dbgsym"
        }
    ]
}

Ubuntu:Pro:22.04:LTS / xrdp

Package

Name: xrdp
Purl: pkg:deb/ubuntu/xrdp?arch=src?distro=esm-apps/jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.17-2ubuntu2+esm1

Affected versions

0.*

0.9.15-1ubuntu1

0.9.17-1

0.9.17-2

0.9.17-2ubuntu1

0.9.17-2ubuntu2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "0.9.17-2ubuntu2+esm1",
            "binary_name": "xrdp"
        },
        {
            "binary_version": "0.9.17-2ubuntu2+esm1",
            "binary_name": "xrdp-dbgsym"
        }
    ]
}