Mageia alert MGASA-2021-0016 (xrdp)

From:
               Mageia Updates <buildsystem-daemon@mageia.org>
To:
               updates-announce@ml.mageia.org
Subject:
               [updates-announce] MGASA-2021-0016: Updated xrdp packages fix security vulnerability
Date:
               Sun, 10 Jan 2021 20:47:21 +0100
Message-ID:
               <20210110194721.196449F736@duvel.mageia.org>
Archive-link:
               Article
MGASA-2021-0016 - Updated xrdp packages fix security vulnerability

Publication date: 10 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0016.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-4044

Description:
Ashley Newson discovered that the XRDP sessions manager was susceptible to
denial of service. A local attacker can further take advantage of this flaw to
impersonate the XRDP sessions manager and capture any user credentials that are
submitted to XRDP, approve or reject arbitrary login credentials or to hijack
existing sessions for xorgxrdp sessions (CVE-2020-4044).

References:
- https://bugs.mageia.org/show_bug.cgi?id=26931
- https://www.debian.org/security/2020/dsa-4737
-
https://lists.fedoraproject.org/archives/list/package-ann...
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4044

SRPMS:
- 7/core/xrdp-0.9.10-1.1.mga7

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2021-0016: Updated xrdp packages fix security vulnerability
Date:		Sun, 10 Jan 2021 20:47:21 +0100
Message-ID:		<20210110194721.196449F736@duvel.mageia.org>
Archive-link:		Article