FEDORA-2022-0a7ffb8709

Packages in this update:

xrdp-0.9.21-1.fc35

Update description:

Release notes for xrdp v0.9.21 (2022/12/10)

General announcements

Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

Security fixes

This update is recommended for all xrdp users and provides following important security fixes:

CVE-2022-23468
CVE-2022-23477
CVE-2022-23478
CVE-2022-23479
CVE-2022-23480
CVE-2022-23481
CVE-2022-23483
CVE-2022-23482
CVE-2022-23484
CVE-2022-23493

These security issues are reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches.
New features

openSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts (#2413)
VNC backend session now supports extra mouse buttons 6, 7 and 8 (#2426)

Bug fixes

Passwords are no longer left on the heap in sesman (#1599 #2439)
Set permissions on pcsc socket dir to owner only (#2454 #2460)

Internal changes

CI updates to cope with github upgrades (#2395)

Changes for packagers or developers

Nothing this time.

Known issues

On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
xrdp’s login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

Read More