{"affected":[{"ecosystem_specific":{"binaries":[{"libpainter0":"0.9.6-150000.4.11.1","librfxencode0":"0.9.6-150000.4.11.1","xrdp":"0.9.6-150000.4.11.1","xrdp-devel":"0.9.6-150000.4.11.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP1-LTSS","name":"xrdp","purl":"pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.6-150000.4.11.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libpainter0":"0.9.6-150000.4.11.1","librfxencode0":"0.9.6-150000.4.11.1","xrdp":"0.9.6-150000.4.11.1","xrdp-devel":"0.9.6-150000.4.11.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15 SP1-LTSS","name":"xrdp","purl":"pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.6-150000.4.11.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libpainter0":"0.9.6-150000.4.11.1","librfxencode0":"0.9.6-150000.4.11.1","xrdp":"0.9.6-150000.4.11.1","xrdp-devel":"0.9.6-150000.4.11.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP1","name":"xrdp","purl":"pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.6-150000.4.11.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libpainter0":"0.9.6-150000.4.11.1","librfxencode0":"0.9.6-150000.4.11.1","xrdp":"0.9.6-150000.4.11.1","xrdp-devel":"0.9.6-150000.4.11.1"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 6","name":"xrdp","purl":"pkg:rpm/suse/xrdp&distro=SUSE%20Enterprise%20Storage%206"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.6-150000.4.11.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for xrdp fixes the following issues:\n\n- CVE-2022-23468: Fixed a buffer overflow in xrdp_login_wnd_create() (bsc#1206300).\n- CVE-2022-23479: Fixed a buffer overflow in xrdp_mm_chan_data_in() (bsc#1206303).\n- CVE-2022-23480: Fixed a buffer overflow in devredir_proc_client_devlist_announce_req() (bsc#1206306).\n- CVE-2022-23481: Fixed an out-of-bounds read in xrdp_caps_process_confirm_active() (bsc#1206307).\n- CVE-2022-23482: Fixed an out-of-bounds read in xrdp_sec_process_mcs_data_CS_CORE() (bsc#1206310).\n- CVE-2022-23483: Fixed an out-of-bounds read in libxrdp_send_to_channel() (bsc#1206311).\n- CVE-2022-23484: Fixed an integer overflow in xrdp_mm_process_rail_update_window_text() (bsc#1206312).\n","id":"SUSE-SU-2023:0012-1","modified":"2023-01-02T10:46:01Z","published":"2023-01-02T10:46:01Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20230012-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1206300"},{"type":"REPORT","url":"https://bugzilla.suse.com/1206303"},{"type":"REPORT","url":"https://bugzilla.suse.com/1206306"},{"type":"REPORT","url":"https://bugzilla.suse.com/1206307"},{"type":"REPORT","url":"https://bugzilla.suse.com/1206310"},{"type":"REPORT","url":"https://bugzilla.suse.com/1206311"},{"type":"REPORT","url":"https://bugzilla.suse.com/1206312"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-23468"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-23479"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-23480"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-23481"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-23482"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-23483"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-23484"}],"related":["CVE-2022-23468","CVE-2022-23479","CVE-2022-23480","CVE-2022-23481","CVE-2022-23482","CVE-2022-23483","CVE-2022-23484"],"summary":"Security update for xrdp","upstream":["CVE-2022-23468","CVE-2022-23479","CVE-2022-23480","CVE-2022-23481","CVE-2022-23482","CVE-2022-23483","CVE-2022-23484"]}