USN-6474-1: xrdp vulnerabilities

Read Time:1 Minute, 43 Second

It was discovered that xrdp incorrectly handled validation of
client-supplied data, which could lead to out-of-bounds reads. An attacker
could possibly use this issue to crash the program or extract sensitive
information. (CVE-2022-23479, CVE-2022-23481, CVE-2022-23483,
CVE-2023-42822)

It was discovered that xrdp improperly handled session establishment
errors. An attacker could potentially use this issue to bypass the
OS-level session restrictions by PAM. (CVE-2023-40184)

It was discovered that xrdp incorrectly handled validation of
client-supplied data, which could lead to out-of-bounds writes. An attacker
could possibly use this issue to cause memory corruption or execute
arbitrary code. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-23468)

It was discovered that xrdp incorrectly handled validation of
client-supplied data, which could lead to out-of-bounds reads. An attacker
could possibly use this issue to crash the program or extract sensitive
information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS
and Ubuntu 22.04 LTS. (CVE-2022-23480, CVE-2022-23482, CVE-2022-23484)

It was discovered that xrdp incorrectly handled validation of
client-supplied data, which could lead to out-of-bounds reads. An attacker
could possibly use this issue to crash the program or extract sensitive
information. This issue only affected Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2022-23477, CVE-2022-23493)

It was discovered that xrdp incorrectly handled validation of
client-supplied data, which could lead to out-of-bounds reads. An attacker
could possibly use this issue to crash the program or extract sensitive
information. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-23613)

Russian Cyber-Attacks Home in on Ukraine’s Military Infrastructure

Quantum Computing and Cybersecurity – Preparing for a New Age of Threats

LinkedIn Pauses GenAI Training Following ICO Concerns

German Police Shutter 47 Criminal Crypto Exchanges

Friday Squid Blogging: Squid Game Season Two Teaser

Clever Social Engineering Attack Using Captchas

US Cyberspace Solarium Commission Outlines Ten New Cyber Policy Priorities

Cybersecurity Skills Gap Leaves Cloud Environments Vulnerable

Going for Gold: HSBC Approves Quantum-Safe Technology for Tokenized Bullions

USN-7028-1: Linux kernel vulnerabilities

python-zipp-0.5.1-4.el8

USN-7020-2: Linux kernel vulnerabilities

USN-7007-2: Linux kernel vulnerabilities

USN-6992-2: Firefox regressions

GLSA 202409-20: curl: Multiple Vulnerabilities