USN-6474-1

Source
https://ubuntu.com/security/notices/USN-6474-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6474-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/USN-6474-1
Published
2023-11-08T13:47:00.462142Z
Modified
2023-11-08T13:47:00.462142Z
Summary
xrdp vulnerabilities
Details

It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. (CVE-2022-23479, CVE-2022-23481, CVE-2022-23483, CVE-2023-42822)

It was discovered that xrdp improperly handled session establishment errors. An attacker could potentially use this issue to bypass the OS-level session restrictions imposed by PAM. (CVE-2023-40184)

It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds writes. An attacker could possibly use this issue to cause memory corruption or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23468)

It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23480, CVE-2022-23482, CVE-2022-23484)

It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23477, CVE-2022-23493)

It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds writes. An attacker could possibly use this issue to cause memory corruption or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23478)

It was discovered that xrdp incorrectly handled validation of client-supplied data, which could lead to out-of-bounds reads. An attacker could possibly use this issue to crash the program or extract sensitive information. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-23613)

Affected packages

Ubuntu:Pro:14.04:LTS / xrdp

Package

Name
xrdp
Purl
pkg:deb/ubuntu/xrdp?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.6.0-1ubuntu0.1+esm3

Affected versions

0.*

0.6.0-1
0.6.0-1ubuntu0.1
0.6.0-1ubuntu0.1+esm1
0.6.0-1ubuntu0.1+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "0.6.0-1ubuntu0.1+esm3",
            "binary_name": "xrdp"
        },
        {
            "binary_version": "0.6.0-1ubuntu0.1+esm3",
            "binary_name": "xrdp-dbgsym"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / xrdp

Package

Name
xrdp
Purl
pkg:deb/ubuntu/xrdp?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.6.1-2ubuntu0.3+esm3

Affected versions

0.*

0.6.1-2
0.6.1-2ubuntu0.1
0.6.1-2ubuntu0.3
0.6.1-2ubuntu0.3+esm1
0.6.1-2ubuntu0.3+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "0.6.1-2ubuntu0.3+esm3",
            "binary_name": "xrdp"
        },
        {
            "binary_version": "0.6.1-2ubuntu0.3+esm3",
            "binary_name": "xrdp-dbgsym"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / xrdp

Package

Name
xrdp
Purl
pkg:deb/ubuntu/xrdp?arch=src?distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.9.5-2ubuntu0.1~esm2

Affected versions

0.*

0.9.1-9
0.9.4-1
0.9.4-2
0.9.4-3
0.9.4-4
0.9.4-5
0.9.5-1
0.9.5-1build1
0.9.5-2
0.9.5-2ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "0.9.5-2ubuntu0.1~esm2",
            "binary_name": "xorgxrdp"
        },
        {
            "binary_version": "0.9.5-2ubuntu0.1~esm2",
            "binary_name": "xorgxrdp-dbgsym"
        },
        {
            "binary_version": "0.9.5-2ubuntu0.1~esm2",
            "binary_name": "xrdp"
        },
        {
            "binary_version": "0.9.5-2ubuntu0.1~esm2",
            "binary_name": "xrdp-dbgsym"
        },
        {
            "binary_version": "0.9.5-2ubuntu0.1~esm2",
            "binary_name": "xrdp-pulseaudio-installer"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / xrdp

Package

Name
xrdp
Purl
pkg:deb/ubuntu/xrdp?arch=src?distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.9.12-1ubuntu0.1+esm1

Affected versions

0.*

0.9.9-1
0.9.12-1
0.9.12-1ubuntu0.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "0.9.12-1ubuntu0.1+esm1",
            "binary_name": "xrdp"
        },
        {
            "binary_version": "0.9.12-1ubuntu0.1+esm1",
            "binary_name": "xrdp-dbgsym"
        }
    ]
}

Ubuntu:Pro:22.04:LTS / xrdp

Package

Name
xrdp
Purl
pkg:deb/ubuntu/xrdp?arch=src?distro=esm-apps/jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
0.9.17-2ubuntu2+esm1

Affected versions

0.*

0.9.15-1ubuntu1
0.9.17-1
0.9.17-2
0.9.17-2ubuntu1
0.9.17-2ubuntu2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "0.9.17-2ubuntu2+esm1",
            "binary_name": "xrdp"
        },
        {
            "binary_version": "0.9.17-2ubuntu2+esm1",
            "binary_name": "xrdp-dbgsym"
        }
    ]
}