
An xrdp security update has been released for Fedora 37.

[SECURITY] Fedora 37 Update: xrdp-0.9.23-1.fc37

Fedora Update Notification
2023-09-10 01:18:52.422876

Name : xrdp
Product : Fedora 37
Version : 0.9.23
Release : 1.fc37
URL : http://www.xrdp.org/
Summary : Open source remote desktop protocol (RDP) server
Description :
xrdp provides a fully functional RDP server compatible with a wide range
of RDP clients, including FreeRDP and Microsoft RDP client.

Update Information:

Release notes for xrdp v0.9.23 (2023/08/31)

General announcements
- Running xrdp and xrdp-sesman on separate hosts is still supported by this
  release, but is now deprecated. This is not secure. A future v1.0 release
  will replace the TCP socket used between these processes with a Unix Domain
  Socket, and then cross-host running will not be possible.

Security fixes
- CVE-2023-40184: Improper handling of session establishment errors allows
  bypassing OS-level session restrictions (Reported by @gafusss)

Bug fixes
- Environment variables set by PAM modules are no longer restricted to around
  250 characters (#2712)
- X11 clipboard clients now no longer hang when requesting a clipboard format
  which isn't available (#2767)

New features
No new features in this release.

Internal changes
- Introduce release tarball generation script (#2703)
- cppcheck version used for CI bumped to 2.11 (#2738)

Known issues
- On-the-fly resolution change requires the Microsoft Store version of Remote
  Desktop client but sometimes crashes on connect (#1869)
- xrdp's login dialog is not relocated at the center of the new resolution
  after on-the-fly resolution change happens

* Fri Sep 1 2023 Bojan Smojver [bojan@rexursive.com] - 1:0.9.23-1
- Update to 0.9.23
- CVE-2023-40184
* Sat Jul 22 2023 Fedora Release Engineering [releng@fedoraproject.org] - 1:
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Tue Jun 13 2023 Leigh Scott [leigh123linux@gmail.com] - 1:
- Rebuild for new imlib2

[ 1 ] Bug #2236307 - CVE-2023-40184 xrdp: xdp: restriction bypass via improper session handling [fedora-all]
[ 2 ] Bug #2236308 - CVE-2023-40184 xrdp: xdp: restriction bypass via improper session handling [epel-all]

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-40298f6951' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
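
A host check for two points in this advisory, as an added example (not part of the advisory or the xrdp project): whether the installed package is at least the fixed 0.9.23, and whether sesman listens only on loopback rather than being reachable cross-host. The /etc/xrdp/sesman.ini path and its [Globals] ListenAddress key are assumed from the stock 0.9.x configuration, and sort -V only approximates RPM version ordering.

```shell
#!/bin/sh
# Added example, not from the advisory: audit a host against this update.
FIXED_VERSION="0.9.23"   # fixed upstream version named in the advisory

# Return 0 if the EVR string $1 (e.g. "1:0.9.23-1.fc37") is >= FIXED_VERSION.
# Epoch and release are stripped; GNU sort -V approximates RPM ordering.
xrdp_is_patched() {
    v=${1#*:}      # drop the epoch prefix, if any
    v=${v%%-*}     # drop the release suffix
    lowest=$(printf '%s\n%s\n' "$FIXED_VERSION" "$v" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_VERSION" ]
}

# Print the ListenAddress value from the [Globals] section of the file $1
# (assumed sesman.ini layout; commented-out lines are ignored).
sesman_listen_address() {
    awk -F= '
        /^[ \t]*\[/ { in_globals = (tolower($0) ~ /\[globals\]/); next }
        in_globals && tolower($1) ~ /^[ \t]*listenaddress[ \t]*$/ {
            gsub(/[ \t\r]/, "", $2); print $2; exit
        }' "$1" 2>/dev/null
}

# Return 0 only if sesman is bound to loopback (same-host operation).
# An unset or unreadable value is treated as needing review.
sesman_is_local_only() {
    case $(sesman_listen_address "$1") in
        127.*|::1|localhost) return 0 ;;
        *) return 1 ;;
    esac
}

# Report on this host when xrdp is installed (skipped otherwise).
if command -v rpm >/dev/null 2>&1 && rpm -q xrdp >/dev/null 2>&1; then
    xrdp_is_patched "$(rpm -q --qf '%{EVR}' xrdp)" || echo "xrdp is older than $FIXED_VERSION"
    sesman_is_local_only /etc/xrdp/sesman.ini || echo "review sesman ListenAddress"
fi
```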