[SECURITY] Fedora 38 Update: xrdp-0.9.23-1.fc38

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2023-b1d585e148 2023-09-10 01:18:51.874058 -------------------------------------------------------------------------------- Name : xrdp Product : Fedora 38 Version : 0.9.23 Release : 1.fc38 URL : http://www.xrdp.org/ Summary : Open source remote desktop protocol (RDP) server Description : xrdp provides a fully functional RDP server compatible with a wide range of RDP clients, including FreeRDP and Microsoft RDP client. -------------------------------------------------------------------------------- Update Information: Release notes for xrdp v0.9.23 (2023/08/31) General announcements - Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible. Security fixes - CVE-2023-40184: Improper handling of session establishment errors allows bypassing OS-level session restrictions (Reported by @gafusss) Bug fixes - Environment variables set by PAM modules are no longer restricted to around 250 characters (#2712) - X11 clipboard clients now no longer hang when requesting a clipboard format which isn't available (#2767) New features No new features in this release. Internal changes - Introduce release tarball generation script (#2703) - cppcheck version used for CI bumped to 2.11 (#2738) Known issues - On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869) - xrdp's login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867) -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 1 2023 Bojan Smojver <bojan(a)rexursive.com&gt; - 1:0.9.23-1 - Update to 0.9.23 - CVE-2023-40184 * Sat Jul 22 2023 Fedora Release Engineering <releng(a)fedoraproject.org&gt; - 1:0.9.22.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Tue Jun 13 2023 Leigh Scott <leigh123linux(a)gmail.com&gt; - 1:0.9.22.1-3 - Rebuild fo new imlib2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2236307 - CVE-2023-40184 xrdp: xdp: restriction bypass via improper session handling [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2236307 [ 2 ] Bug #2236308 - CVE-2023-40184 xrdp: xdp: restriction bypass via improper session handling [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2236308 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-b1d585e148' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------