![]() ![]() CVE-2023-42822: Unchecked access to font glyph info.The following issue was reported by CVE-2023-40184 We appreciate their great help with making and reviewing patches for them. This update provides following important security fixes reported by Team BT5 (BoB 11th). Later major versions of xrdp may remove these warnings, or introduce other behaviours for the affected parameters. Users are urged to heed any generated configuration warnings and update their configurations. The format of the date and time in the log file has been changed to ISO 8601 with milliseconds (#2386 #2541) Any uses of the 'C' field will generate warnings, and the configuration will require updating The renaming makes it much clearer what is happening (#2251 #2239). This field is has a very specific specialist purpose, and will not be used by the vast majority of users. The 'C' field for the session allocation policy has been replaced with Policy=Separate.Unnecessary usages of this parameter now generate warnings. The ip and pamsessionmng parameters are no longer required in sections in xrdp.ini to locate the sesman port.If the old default value 3350 is found, a warning is generated and a default value is used instead. sesman.ini/Globals/ListenPort is now a path to a socket, or an unqualified socket in a default directory.A warning message is generated if this is found in the configuration, but the configuration will continue to work. sesman.ini/Globals/ListenAddress is not longer used.The release introduces changes to xrdp.ini and sesman.ini. This release no longer supports running xrdp and xrdp-sesman on separate hosts. Users will need to move to xorgxrdp (#2489) This release no longer supports the x11rdp X server. This version of xrdp is based on v0.9.19, rather than any later releases in the v0.9.x series.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |