FEDORA-2022-08d2138578
Packages in this update:
xrdp-0.9.21-1.fc36
Update description:
Release notes for xrdp v0.9.21 (2022/12/10)
General announcements
Running xrdp and xrdp-sesman on separate hosts is still supported by this release, but is now deprecated. This is not secure. A future v1.0 release will replace the TCP socket used between these processes with a Unix Domain Socket, and then cross-host running will not be possible.
Security fixes
This update is recommended for all xrdp users and provides following important security fixes:
CVE-2022-23468
CVE-2022-23477
CVE-2022-23478
CVE-2022-23479
CVE-2022-23480
CVE-2022-23481
CVE-2022-23483
CVE-2022-23482
CVE-2022-23484
CVE-2022-23493
These security issues are reported by Team BT5 (BoB 11th). We appreciate their great help with making and reviewing patches.
New features
openSuSE Tumbleweed move to /usr/lib/pam.d is now supported in the installation scripts (#2413)
VNC backend session now supports extra mouse buttons 6, 7 and 8 (#2426)
Bug fixes
Passwords are no longer left on the heap in sesman (#1599 #2439)
Set permissions on pcsc socket dir to owner only (#2454 #2460)
Internal changes
CI updates to cope with github upgrades (#2395)
Changes for packagers or developers
Nothing this time.
Known issues
On-the-fly resolution change requires the Microsoft Store version of Remote Desktop client but sometimes crashes on connect (#1869)
xrdp’s login dialog is not relocated at the center of the new resolution after on-the-fly resolution change happens (#1867)