SUSE-SU-2023:0374-1
Source: https://www.suse.com/support/update/announcement/2023/suse-su-20230374-1/
Import Source: https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:0374-1.json
JSON Data: https://api.test.osv.dev/v1/vulns/SUSE-SU-2023:0374-1
Related
CVE-2022-23468
CVE-2022-23478
CVE-2022-23479
CVE-2022-23480
CVE-2022-23481
CVE-2022-23482
CVE-2022-23483
CVE-2022-23484
CVE-2022-23493
Published: 2023-02-10T15:32:11Z
Modified: 2023-02-10T15:32:11Z
Summary: Security update for xrdp
Details
This update for xrdp fixes the following issues:
CVE-2022-23468: Fixed a buffer overflow in xrdp_login_wnd_create() (bsc#1206300).
CVE-2022-23478: Fixed an out of bound write in xrdp_mm_trans_process_drdynvc_chan() (bsc#1206302).
CVE-2022-23479: Fixed a buffer overflow in xrdp_mm_chan_data_in() (bsc#1206303).
CVE-2022-23480: Fixed a buffer overflow in devredir_proc_client_devlist_announce_req() (bsc#1206306).
CVE-2022-23481: Fixed an out of bound read in xrdp_caps_process_confirm_active() (bsc#1206307).
CVE-2022-23482: Fixed an out of bound read in xrdp_sec_process_mcs_data_CS_CORE() (bsc#1206310, bsc#1206621).
CVE-2022-23483: Fixed an out of bound read in libxrdp_send_to_channel() (bsc#1206311).
CVE-2022-23484: Fixed an integer overflow in xrdp_mm_process_rail_update_window_text() (bsc#1206312).
CVE-2022-23493: Fixed an out of bound read in xrdp_mm_trans_process_drdynvc_channel_close() (bsc#1206313).
References
https://www.suse.com/support/update/announcement/2023/suse-su-20230374-1/
https://bugzilla.suse.com/1206300
https://bugzilla.suse.com/1206302
https://bugzilla.suse.com/1206303
https://bugzilla.suse.com/1206306
https://bugzilla.suse.com/1206307
https://bugzilla.suse.com/1206310
https://bugzilla.suse.com/1206311
https://bugzilla.suse.com/1206312
https://bugzilla.suse.com/1206313
https://bugzilla.suse.com/1206621
https://www.suse.com/security/cve/CVE-2022-23468
https://www.suse.com/security/cve/CVE-2022-23478
https://www.suse.com/security/cve/CVE-2022-23479
https://www.suse.com/security/cve/CVE-2022-23480
https://www.suse.com/security/cve/CVE-2022-23481
https://www.suse.com/security/cve/CVE-2022-23482
https://www.suse.com/security/cve/CVE-2022-23483
https://www.suse.com/security/cve/CVE-2022-23484
https://www.suse.com/security/cve/CVE-2022-23493
Affected packages
SUSE:Linux Enterprise Server 12 SP5 / xrdp
Package
Name: xrdp
Purl: pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
Affected ranges
Type: ECOSYSTEM
Events
Introduced: 0 (Unknown introduced version / All previous versions are affected)
Fixed: 0.9.10-3.8.1
Ecosystem specific
{ "binaries": [ { "xrdp": "0.9.10-3.8.1" } ] }
SUSE:Linux Enterprise Server for SAP Applications 12 SP5 / xrdp
Package
Name: xrdp
Purl: pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
Affected ranges
Type: ECOSYSTEM
Events
Introduced: 0 (Unknown introduced version / All previous versions are affected)
Fixed: 0.9.10-3.8.1
Ecosystem specific
{ "binaries": [ { "xrdp": "0.9.10-3.8.1" } ] }