Category Archives: Advisories

xrdp-0.9.21-1.el7

Read Time:1 Minute, 18 Second

FEDORA-EPEL-2022-0b26ab3924

Packages in this update:

xrdp-0.9.21-1.el7

Update description:

Release notes for xrdp v0.9.21 (2022/12/10)

General announcements

Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

Security fixes

This update is recommended for all xrdp users and provides following important security fixes:

CVE-2022-23468
CVE-2022-23477
CVE-2022-23478
CVE-2022-23479
CVE-2022-23480
CVE-2022-23481
CVE-2022-23483
CVE-2022-23482
CVE-2022-23484
CVE-2022-23493

These security issues are reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches.
New features

openSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts (#2413)
VNC backend session now supports extra mouse buttons 6, 7 and 8 (#2426)

Bug fixes

Passwords are no longer left on the heap in sesman (#1599 #2439)
Set permissions on pcsc socket dir to owner only (#2454 #2460)

Internal changes

CI updates to cope with github upgrades (#2395)

Changes for packagers or developers

Nothing this time.

Known issues

On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
xrdp’s login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

Read More

xrdp-0.9.21-1.el8

Read Time:1 Minute, 18 Second

FEDORA-EPEL-2022-aaf428feb8

Packages in this update:

xrdp-0.9.21-1.el8

Update description:

Release notes for xrdp v0.9.21 (2022/12/10)

General announcements

Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

Security fixes

This update is recommended for all xrdp users and provides following important security fixes:

CVE-2022-23468
CVE-2022-23477
CVE-2022-23478
CVE-2022-23479
CVE-2022-23480
CVE-2022-23481
CVE-2022-23483
CVE-2022-23482
CVE-2022-23484
CVE-2022-23493

These security issues are reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches.
New features

openSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts (#2413)
VNC backend session now supports extra mouse buttons 6, 7 and 8 (#2426)

Bug fixes

Passwords are no longer left on the heap in sesman (#1599 #2439)
Set permissions on pcsc socket dir to owner only (#2454 #2460)

Internal changes

CI updates to cope with github upgrades (#2395)

Changes for packagers or developers

Nothing this time.

Known issues

On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
xrdp’s login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

Read More

xrdp-0.9.21-1.fc37

Read Time:1 Minute, 18 Second

FEDORA-2022-6fe4046ae9

Packages in this update:

xrdp-0.9.21-1.fc37

Update description:

Release notes for xrdp v0.9.21 (2022/12/10)

General announcements

Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

Security fixes

This update is recommended for all xrdp users and provides following important security fixes:

CVE-2022-23468
CVE-2022-23477
CVE-2022-23478
CVE-2022-23479
CVE-2022-23480
CVE-2022-23481
CVE-2022-23483
CVE-2022-23482
CVE-2022-23484
CVE-2022-23493

These security issues are reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches.
New features

openSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts (#2413)
VNC backend session now supports extra mouse buttons 6, 7 and 8 (#2426)

Bug fixes

Passwords are no longer left on the heap in sesman (#1599 #2439)
Set permissions on pcsc socket dir to owner only (#2454 #2460)

Internal changes

CI updates to cope with github upgrades (#2395)

Changes for packagers or developers

Nothing this time.

Known issues

On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
xrdp’s login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

Read More

xrdp-0.9.21-1.fc36

Read Time:1 Minute, 18 Second

FEDORA-2022-08d2138578

Packages in this update:

xrdp-0.9.21-1.fc36

Update description:

Release notes for xrdp v0.9.21 (2022/12/10)

General announcements

Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

Security fixes

This update is recommended for all xrdp users and provides following important security fixes:

CVE-2022-23468
CVE-2022-23477
CVE-2022-23478
CVE-2022-23479
CVE-2022-23480
CVE-2022-23481
CVE-2022-23483
CVE-2022-23482
CVE-2022-23484
CVE-2022-23493

These security issues are reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches.
New features

openSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts (#2413)
VNC backend session now supports extra mouse buttons 6, 7 and 8 (#2426)

Bug fixes

Passwords are no longer left on the heap in sesman (#1599 #2439)
Set permissions on pcsc socket dir to owner only (#2454 #2460)

Internal changes

CI updates to cope with github upgrades (#2395)

Changes for packagers or developers

Nothing this time.

Known issues

On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
xrdp’s login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

Read More

xrdp-0.9.21-1.fc35

Read Time:1 Minute, 18 Second

FEDORA-2022-0a7ffb8709

Packages in this update:

xrdp-0.9.21-1.fc35

Update description:

Release notes for xrdp v0.9.21 (2022/12/10)

General announcements

Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

Security fixes

This update is recommended for all xrdp users and provides following important security fixes:

CVE-2022-23468
CVE-2022-23477
CVE-2022-23478
CVE-2022-23479
CVE-2022-23480
CVE-2022-23481
CVE-2022-23483
CVE-2022-23482
CVE-2022-23484
CVE-2022-23493

These security issues are reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches.
New features

openSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts (#2413)
VNC backend session now supports extra mouse buttons 6, 7 and 8 (#2426)

Bug fixes

Passwords are no longer left on the heap in sesman (#1599 #2439)
Set permissions on pcsc socket dir to owner only (#2454 #2460)

Internal changes

CI updates to cope with github upgrades (#2395)

Changes for packagers or developers

Nothing this time.

Known issues

On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
xrdp’s login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

Read More

xrdp-0.9.21-1.el9

Read Time:1 Minute, 18 Second

FEDORA-EPEL-2022-a0c828a573

Packages in this update:

xrdp-0.9.21-1.el9

Update description:

Release notes for xrdp v0.9.21 (2022/12/10)

General announcements

Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.

Security fixes

This update is recommended for all xrdp users and provides following important security fixes:

CVE-2022-23468
CVE-2022-23477
CVE-2022-23478
CVE-2022-23479
CVE-2022-23480
CVE-2022-23481
CVE-2022-23483
CVE-2022-23482
CVE-2022-23484
CVE-2022-23493

These security issues are reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches.
New features

openSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts (#2413)
VNC backend session now supports extra mouse buttons 6, 7 and 8 (#2426)

Bug fixes

Passwords are no longer left on the heap in sesman (#1599 #2439)
Set permissions on pcsc socket dir to owner only (#2454 #2460)

Internal changes

CI updates to cope with github upgrades (#2395)

Changes for packagers or developers

Nothing this time.

Known issues

On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
xrdp’s login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)

Read More

Microsoft PlayReady security research

Read Time:21 Second

Posted by Security Explorations on Dec 10

Hello,

Microsoft PlayReady is one of the key technologies used by PayTV
industry and OTT platforms for Digital Rights Management and content
security in general. According to Microsoft, PlayReady Server SDK has
several hundred service provider licensees.

Security Explorations conducted security analysis of Microsoft Play
Ready content protection technology in the environment of CANAL+ SAT
TV provider. As a result, complete access to movie…

Read More