{"affected":[{"ecosystem_specific":{"binaries":[{"xrdp":"0.9.0~git.1456906198.f422461-21.30.2"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 9","name":"xrdp","purl":"pkg:rpm/suse/xrdp&distro=SUSE%20OpenStack%20Cloud%209"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.0~git.1456906198.f422461-21.30.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"xrdp":"0.9.0~git.1456906198.f422461-21.30.2"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud Crowbar 9","name":"xrdp","purl":"pkg:rpm/suse/xrdp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.0~git.1456906198.f422461-21.30.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"xrdp":"0.9.0~git.1456906198.f422461-21.30.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP4","name":"xrdp","purl":"pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.0~git.1456906198.f422461-21.30.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"xrdp":"0.9.0~git.1456906198.f422461-21.30.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP4-LTSS","name":"xrdp","purl":"pkg:rpm/suse/xrdp&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.9.0~git.1456906198.f422461-21.30.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for xrdp fixes the following issues:\n\n- CVE-2022-23468: Fixed a buffer overflow in xrdp_login_wnd_create() (bsc#1206300).\n- CVE-2022-23479: Fixed a buffer overflow in xrdp_mm_chan_data_in() (bsc#1206303).\n- CVE-2022-23480: Fixed a buffer overflow in devredir_proc_client_devlist_announce_req() (bsc#1206306).\n- CVE-2022-23481: Fixed an out of bound read in xrdp_caps_process_confirm_active() (bsc#1206307).\n- CVE-2022-23482: Fixed an out of bound read in xrdp_sec_process_mcs_data_CS_CORE() (bsc#1206310).\n- 
CVE-2022-23483: Fixed an out of bound read in libxrdp_send_to_channel() (bsc#1206311).\n- CVE-2022-23484: Fixed an integer overflow in xrdp_mm_process_rail_update_window_text() (bsc#1206312).\n","id":"SUSE-SU-2023:0340-1","modified":"2023-02-10T08:39:29Z","published":"2023-02-10T08:39:29Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20230340-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1206300"},{"type":"REPORT","url":"https://bugzilla.suse.com/1206303"},{"type":"REPORT","url":"https://bugzilla.suse.com/1206306"},{"type":"REPORT","url":"https://bugzilla.suse.com/1206307"},{"type":"REPORT","url":"https://bugzilla.suse.com/1206310"},{"type":"REPORT","url":"https://bugzilla.suse.com/1206311"},{"type":"REPORT","url":"https://bugzilla.suse.com/1206312"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-23468"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-23479"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-23480"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-23481"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-23482"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-23483"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-23484"}],"related":["CVE-2022-23468","CVE-2022-23479","CVE-2022-23480","CVE-2022-23481","CVE-2022-23482","CVE-2022-23483","CVE-2022-23484"],"summary":"Security update for xrdp","upstream":["CVE-2022-23468","CVE-2022-23479","CVE-2022-23480","CVE-2022-23481","CVE-2022-23482","CVE-2022-23483","CVE-2022-23484"]}