Source: xrdp Version: 0.9.1-7 Severity: important Tags: security upstream patch Forwarded: https://github.com/neutrinolabs/xrdp/issues/350
Hi, the following vulnerability was published for xrdp. CVE-2017-6967[0]: | xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect | location, leading to PAM session modules not being properly | initialized, with a potential consequence of incorrect configurations | or elevation of privileges, aka a pam_limits.so bypass. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-6967 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6967 [1] http://www.openwall.com/lists/oss-security/2017/03/18/1 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
