USN-6474-1

Source
https://ubuntu.com/security/notices/USN-6474-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/USN-6474-1.json
Related
Published
2023-11-08T13:47:00.462142Z
Modified
2023-11-08T13:47:00.462142Z
Summary
xrdp vulnerabilities
Details

It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. (CVE-2022-23479, CVE-2022-23481, CVE-2022-23483, CVE-2023-42822)

It was discovered that xrdp improperly handled session establishment errors. An attacker could potentially use this issue to bypass OS-level session restrictions enforced by PAM. (CVE-2023-40184)

It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds writes. An attacker could possibly use this issue to cause memory corruption or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23468)

It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23480, CVE-2022-23482, CVE-2022-23484)

It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23477, CVE-2022-23493)

It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds writes. An attacker could possibly use this issue to cause memory corruption or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23478)

It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-23613)

References

Affected packages

Ubuntu:Pro:18.04:LTS / xrdp

Package

Name
xrdp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
0.9.5-2ubuntu0.1~esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "xrdp": "0.9.5-2ubuntu0.1~esm2",
            "xrdp-pulseaudio-installer": "0.9.5-2ubuntu0.1~esm2",
            "xorgxrdp": "0.9.5-2ubuntu0.1~esm2"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / xrdp

Package

Name
xrdp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
0.9.12-1ubuntu0.1+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "xrdp": "0.9.12-1ubuntu0.1+esm1"
        }
    ]
}

Ubuntu:Pro:22.04:LTS / xrdp

Package

Name
xrdp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
0.9.17-2ubuntu2+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "xrdp": "0.9.17-2ubuntu2+esm1"
        }
    ]
}

Ubuntu:Pro:14.04:LTS / xrdp

Package

Name
xrdp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
0.6.0-1ubuntu0.1+esm3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "xrdp": "0.6.0-1ubuntu0.1+esm3"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / xrdp

Package

Name
xrdp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed
0.6.1-2ubuntu0.3+esm3

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "xrdp": "0.6.1-2ubuntu0.3+esm3"
        }
    ]
}
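The fixed versions above carry ESM suffixes that only compare correctly under dpkg's rules: a tilde sorts before everything, including the end of the string (so 0.9.5-2ubuntu0.1~esm2 is older than 0.9.5-2ubuntu0.1), while a plus sorts after it (so 0.9.12-1ubuntu0.1+esm1 is newer than 0.9.12-1ubuntu0.1). A naive string or float comparison gets one of those two cases wrong. The following is an added example, not code from Canonical, the OSV project or xrdp: it reimplements the dpkg version-comparison algorithm and checks an installed package version against the table in this notice. The fixed-version table and binary names are taken from the notice; the sample inputs at the bottom are constructed.

```python
"""Check an installed xrdp version against the fixed versions in USN-6474-1.

Added example (not Canonical's or xrdp's code). Implements the dpkg
version-comparison algorithm: [epoch:]upstream[-revision], with '~' sorting
before everything, including the end of the string, so ESM suffixes such as
'~esm2' and '+esm1' compare the way dpkg compares them.
"""

USN_6474_1_FIXED = {
    # series: (fixed version, binary packages the notice lists for that series)
    "14.04": ("0.6.0-1ubuntu0.1+esm3", ("xrdp",)),
    "16.04": ("0.6.1-2ubuntu0.3+esm3", ("xrdp",)),
    "18.04": ("0.9.5-2ubuntu0.1~esm2", ("xrdp", "xrdp-pulseaudio-installer", "xorgxrdp")),
    "20.04": ("0.9.12-1ubuntu0.1+esm1", ("xrdp",)),
    "22.04": ("0.9.17-2ubuntu2+esm1", ("xrdp",)),
}


def _is_digit(c: str) -> bool:
    return "0" <= c <= "9"


def _order(c: str) -> int:
    """Sort weight of one character, as in dpkg's verrevcmp(); '' is end of string."""
    if c == "" or _is_digit(c):
        return 0
    if c.isascii() and c.isalpha():
        return ord(c)
    if c == "~":
        return -1            # tilde sorts even before the end of the string
    return ord(c) + 256      # '+', '.', and other punctuation sort after letters


def _cmp_fragment(a: str, b: str) -> int:
    """Compare an upstream-version or revision string the way dpkg does."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character using _order().
        while (i < len(a) and not _is_digit(a[i])) or (j < len(b) and not _is_digit(b[j])):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return -1 if ac < bc else 1
            i += 1
            j += 1
        # Digit run: drop leading zeros, then the longer run wins, else first differing digit.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        first_diff = 0
        while i < len(a) and j < len(b) and _is_digit(a[i]) and _is_digit(b[j]):
            if first_diff == 0:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and _is_digit(a[i]):
            return 1
        if j < len(b) and _is_digit(b[j]):
            return -1
        if first_diff != 0:
            return -1 if first_diff < 0 else 1
    return 0


def parse_version(version: str):
    """Split '[epoch:]upstream[-revision]' into (epoch, upstream, revision)."""
    epoch = 0
    if ":" in version:
        epoch_str, version = version.split(":", 1)
        epoch = int(epoch_str)
    if "-" in version:
        upstream, revision = version.rsplit("-", 1)
    else:
        upstream, revision = version, ""
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a is older than, equal to, or newer than b."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)


def is_fixed(series: str, package: str, installed: str) -> bool:
    """True if the installed binary is at or above the USN-6474-1 fixed version."""
    if series not in USN_6474_1_FIXED:
        raise KeyError(f"USN-6474-1 lists no fix for Ubuntu {series}")
    fixed, binaries = USN_6474_1_FIXED[series]
    if package not in binaries:
        raise KeyError(f"{package} is not a binary the notice lists for Ubuntu {series}")
    return compare_versions(installed, fixed) >= 0


if __name__ == "__main__":
    # Constructed sample inputs. On a real host, feed the output of:
    #   dpkg-query -W -f='${Version}\n' xrdp
    samples = [
        ("22.04", "xrdp", "0.9.17-2ubuntu2"),            # release build, unpatched
        ("22.04", "xrdp", "0.9.17-2ubuntu2+esm1"),       # the fixed ESM build
        ("18.04", "xorgxrdp", "0.9.5-2ubuntu0.1~esm1"),  # earlier ESM build, still vulnerable
        ("18.04", "xrdp", "0.9.5-2ubuntu0.1~esm2"),
    ]
    for series, pkg, ver in samples:
        state = "fixed" if is_fixed(series, pkg, ver) else "VULNERABLE"
        print(f"Ubuntu {series} {pkg} {ver}: {state}")
```

On an Ubuntu host the same check can be done with the system tool, for example `dpkg --compare-versions "$(dpkg-query -W -f='${Version}' xrdp)" ge 0.9.17-2ubuntu2+esm1`; the reimplementation above is useful when checking inventories exported from hosts you cannot run dpkg on. Note that on 18.04 the notice lists xorgxrdp and xrdp-pulseaudio-installer alongside xrdp, so each installed binary from the source package should be checked, not only xrdp.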