Source: xrdp Version: 0.9.1-1 Severity: grave Tags: security upstream Forwarded: https://github.com/neutrinolabs/xrdp/pull/958
Hi, the following vulnerability was published for xrdp. CVE-2017-16927[0]: | The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session | manager in xrdp through 0.9.4 uses an untrusted integer as a write | length, which allows local users to cause a denial of service (buffer | overflow and application crash) or possibly have unspecified other | impact via a crafted input stream. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-16927 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16927 [1] https://groups.google.com/forum/#!topic/xrdp-devel/PmVfMuy_xBA [2] https://github.com/neutrinolabs/xrdp/pull/958 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
