Source: xrdp
Version: 0.9.17-2
Severity: wishlist
Tags: patch
User: de...@kali.org
Usertags: origin-kali

Hello,

I have just uploaded an NMU prepared by a Kali contributor (in the NM queue). Please find the relevant "git am" patches attached. (The two patches by Arnaud are also in https://salsa.debian.org/arnaudr/xrdp)

It fixes CVE-2022-23613 and nothing else.

I noticed that you have open MR on Gitlab that it would be good to handle. There's a former NMU that was never acked and that doesn't appear in debian/changelog.
https://salsa.debian.org/debian-remote-team/xrdp/-/merge_requests

-- System Information:
Debian Release: bookworm/sid
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.16.0-5-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- 
Raphaël Hertzog
>From 6b20339946d23bae9848c00533d006a35ba16990 Mon Sep 17 00:00:00 2001 From: Arnaud Rebillout <arna...@kali.org> Date: Fri, 1 Apr 2022 08:25:06 +0700 Subject: [PATCH 1/3] Import upstream patch to fix CVE-2022-23613 (Closes: #1005304) --- debian/patches/cve-2022-23613.diff | 47 ++++++++++++++++++++++++++++++ debian/patches/series | 1 + 2 files changed, 48 insertions(+) create mode 100644 debian/patches/cve-2022-23613.diff diff --git a/debian/patches/cve-2022-23613.diff b/debian/patches/cve-2022-23613.diff new file mode 100644 index 00000000..0a5ebdf1 --- /dev/null +++ b/debian/patches/cve-2022-23613.diff 
@@ -0,0 +1,47 @@ +From: matt335672 <30179339+matt335...@users.noreply.github.com> +Date: Wed, 2 Feb 2022 10:39:50 +0000 +Subject: [PATCH] Add lower bound to sesman data input size check +Origin: upstream, https://github.com/neutrinolabs/xrdp/commit/4def30ab + +--- + sesman/sesman.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/sesman/sesman.c b/sesman/sesman.c +index a85769053..e2b057e6a 100644 +--- a/sesman/sesman.c ++++ b/sesman/sesman.c +@@ -276,6 +276,7 @@ sesman_close_all(void) + static int + sesman_data_in(struct trans *self) + { ++#define HEADER_SIZE 8 + int version; + int size; + +@@ -283,9 +284,9 @@ sesman_data_in(struct trans *self) + { + in_uint32_be(self->in_s, version); + in_uint32_be(self->in_s, size); +- if (size > self->in_s->size) ++ if (size < HEADER_SIZE || size > self->in_s->size) + { +- LOG(LOG_LEVEL_ERROR, "sesman_data_in: bad message size"); ++ LOG(LOG_LEVEL_ERROR, "sesman_data_in: bad message size %d", size); + return 1; + } + self->header_size = size; +@@ -302,11 +303,12 @@ sesman_data_in(struct trans *self) + return 1; + } + /* reset for next message */ +- self->header_size = 8; ++ self->header_size = HEADER_SIZE; + self->extra_flags = 0; + init_stream(self->in_s, 0); /* Reset input stream pointers */ + } + return 0; ++#undef HEADER_SIZE + } + + /******************************************************************************/ diff --git a/debian/patches/series b/debian/patches/series index ecf3e815..a3757c8a 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -8,3 +8,4 @@ pulse-debian.patch var-run.diff document-certs.diff fix-environment.diff +cve-2022-23613.diff -- 2.35.1
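Review bot: The new lower bound in the `@@ -283` hunk of sesman/sesman.c carries the whole fix but has no comment saying why it is there. `size` is declared `int` and filled by `in_uint32_be`, so a wire value with the top bit set arrives negative and passed the old `size > self->in_s->size` test; any value below 8 would also set `self->header_size` smaller than the two 32-bit fields already read. A one-line comment above the `if` stating both cases would keep a later cleanup from dropping the `size < HEADER_SIZE` half as redundant.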
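Review bot: Style point on the `@@ -276` and `@@ -302` hunks: `HEADER_SIZE` is introduced with `#define` inside the body of `sesman_data_in` and removed with `#undef` just before the closing brace. A macro scoped this way is easy to break if an early `return` or a new helper is added between the two lines; a file-scope constant near the top of sesman.c, with a comment that it is the version field plus the size field, would read more clearly and let the reset `self->header_size = HEADER_SIZE;` and the bound check share one definition without the `#undef`. Since this is an unmodified upstream import, that is a suggestion for upstream rather than for the Debian patch.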
>From a0e029b28413f8900845e9e7135c252885b6d5ae Mon Sep 17 00:00:00 2001 From: Arnaud Rebillout <arna...@kali.org> Date: Fri, 1 Apr 2022 09:34:56 +0700 Subject: [PATCH 2/3] Update changelog for 0.9.17-2.1 release --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 5773a467..527cfa87 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +xrdp (0.9.17-2.1) unstable; urgency=medium + + * Import upstream patch to fix CVE-2022-23613 (Closes: #1005304) + + -- Arnaud Rebillout <arna...@kali.org> Fri, 01 Apr 2022 09:34:47 +0700 + xrdp (0.9.17-2) unstable; urgency=medium * Initialise the environment properly (Closes: #996418, #984782) -- 2.35.1
>From 9f4ac4afcee73ce567e5734ba2cacfd1789fb23c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= <raph...@offensive-security.com> Date: Fri, 1 Apr 2022 08:44:24 +0200 Subject: [PATCH 3/3] Add non-maintainer upload to changelog entry. --- debian/changelog | 1 + 1 file changed, 1 insertion(+) diff --git a/debian/changelog b/debian/changelog index 527cfa87..1a502830 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,6 @@ xrdp (0.9.17-2.1) unstable; urgency=medium + * Non-maintainer upload. * Import upstream patch to fix CVE-2022-23613 (Closes: #1005304) -- Arnaud Rebillout <arna...@kali.org> Fri, 01 Apr 2022 09:34:47 +0700 -- 2.35.1
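Review bot: The `* Non-maintainer upload.` line added to debian/changelog here completes the 0.9.17-2.1 entry that patch 2/3 creates, so the entry is incomplete at the intermediate commit; squashing 3/3 into 2/3 would keep every commit in the series with a well-formed NMU entry. The changelog bullet could also name what the imported patch changes (the sesman input size check) so that the entry is readable without following the CVE or bug number.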