Your message dated Fri, 23 Feb 2018 12:47:10 +0000
with message-id <e1epcko-000bjc...@fasolo.debian.org>
and subject line Bug#882463: fixed in xrdp 0.9.1-9+deb9u2
has caused the Debian Bug report #882463,
regarding xrdp: CVE-2017-16927: Buffer-overflow in scp_v0s_accept function in 
session manager
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
882463: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882463
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: xrdp
Version: 0.9.1-1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/neutrinolabs/xrdp/pull/958

Hi,

the following vulnerability was published for xrdp.

CVE-2017-16927[0]:
| The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session
| manager in xrdp through 0.9.4 uses an untrusted integer as a write
| length, which allows local users to cause a denial of service (buffer
| overflow and application crash) or possibly have unspecified other
| impact via a crafted input stream.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-16927
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16927
[1] https://groups.google.com/forum/#!topic/xrdp-devel/PmVfMuy_xBA
[2] https://github.com/neutrinolabs/xrdp/pull/958

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
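The bug class named in the CVE text above (an integer read from the input stream used directly as a write length), shown as an added C example; it is not xrdp's code and not the upstream fix. `struct in_stream`, `read_field`, `FIELD_MAX` and the 16-bit big-endian length prefix are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 256 /* assumed size of the fixed destination buffer */

/* Hypothetical input cursor: next unread byte and bytes remaining. */
struct in_stream { const uint8_t *p; size_t left; };

/* Unsafe pattern (the bug class): the declared length is trusted as-is.
 *     len = (p[0] << 8) | p[1];  memcpy(dst, p + 2, len);  dst[len] = 0;
 * A 16-bit length can declare up to 65535 bytes for a 256-byte buffer. */

/* Hardened read of one field: 16-bit big-endian length, then the bytes.
 * Returns 0 on success, -1 truncated header, -2 declared length exceeds
 * the bytes received (over-read), -3 field does not fit dst (overflow). */
int read_field(struct in_stream *s, char *dst, size_t cap)
{
    size_t len;

    if (s->left < 2)
        return -1;
    len = ((size_t)s->p[0] << 8) | s->p[1];
    if (len > s->left - 2)
        return -2;
    if (len >= cap)            /* keep one byte for the terminating NUL */
        return -3;
    memcpy(dst, s->p + 2, len);
    dst[len] = '\0';
    s->p += 2 + len;           /* consume only after every check passed */
    s->left -= 2 + len;
    return 0;
}

int main(void)
{
    /* Constructed inputs: a valid 4-byte field, then a header declaring
     * 0x0400 bytes with only 2 bytes behind it. */
    const uint8_t good[] = { 0x00, 0x04, 'u', 's', 'e', 'r' };
    const uint8_t bad[]  = { 0x04, 0x00, 'A', 'A' };
    struct in_stream a = { good, sizeof good }, b = { bad, sizeof bad };
    char buf[FIELD_MAX];

    printf("good -> %d\n", read_field(&a, buf, sizeof buf));
    printf("bad  -> %d\n", read_field(&b, buf, sizeof buf));
    return 0;
}
```

Both checks are needed: the comparison against the remaining input stops an over-read, and the comparison against the destination capacity stops the overflow.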
--- Begin Message ---
Source: xrdp
Source-Version: 0.9.1-9+deb9u2

We believe that the bug you reported is fixed in the latest version of
xrdp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 882...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dominik George <n...@naturalnet.de> (supplier of updated xrdp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 15 Dec 2017 19:28:28 +0100
Source: xrdp
Binary: xrdp xorgxrdp
Architecture: source amd64
Version: 0.9.1-9+deb9u2
Distribution: stretch
Urgency: medium
Maintainer: Debian Remote Maintainers <pkg-remote-t...@lists.alioth.debian.org>
Changed-By: Dominik George <n...@naturalnet.de>
Description:
 xorgxrdp   - Remote Desktop Protocol (RDP) modules for X.org
 xrdp       - Remote Desktop Protocol (RDP) server
Closes: 882463 884453
Changes:
 xrdp (0.9.1-9+deb9u2) stretch; urgency=medium
 .
   * Fix CVE-2017-16927. (Closes: #882463)
   * Fix high CPU load on ssl_tls_accept. (Closes: #884453)


--- End Message ---
