Package        : xrdp
Version        : 0.5.0-2+deb7u2
CVE ID         : CVE-2017-16927

The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session manager in xrdp uses an untrusted integer as a write length, which allows local users to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted input stream.

For Debian 7 "Wheezy", these problems have been fixed in version 0.5.0-2+deb7u2.

We recommend that you upgrade your xrdp packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
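
The bug class the advisory describes, a length taken from the input stream and used as a write length, is shown here as an added example; it is not xrdp's code or the Debian patch. The function names, the 2-byte big-endian length prefix, the 256-byte buffer and the sample messages are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FIELD_MAX 256 /* assumed size of the destination buffer */

/* Unsafe pattern: the length prefix from the peer drives the write unchecked. */
int read_field_unsafe(const uint8_t *in, size_t n, char dst[FIELD_MAX])
{
    if (n < 2) return -1;
    uint16_t len = (uint16_t)((in[0] << 8) | in[1]);
    memcpy(dst, in + 2, len); /* len > FIELD_MAX - 1 overruns dst */
    dst[len] = '\0';
    return len;
}

/* Hardened form: validate the length before any read or write uses it.
 * Returns the field length, or a negative code naming the rejected case. */
int read_field_checked(const uint8_t *in, size_t n, char dst[FIELD_MAX])
{
    if (n < 2) return -1;                   /* no room for the prefix */
    uint16_t len = (uint16_t)((in[0] << 8) | in[1]);
    if (len > FIELD_MAX - 1) return -2;     /* would overflow dst */
    if ((size_t)len > n - 2) return -3;     /* claims more than was received */
    memcpy(dst, in + 2, len);
    dst[len] = '\0';
    return len;
}

/* Constructed sample messages: 2-byte big-endian length, then the bytes. */
static const uint8_t GOOD[]      = { 0x00, 0x05, 'a', 'l', 'i', 'c', 'e' };
static const uint8_t OVERSIZED[] = { 0x04, 0x00, 'A', 'A', 'A', 'A' };
static const uint8_t TRUNCATED[] = { 0x00, 0x10, 'b', 'o', 'b' };

/* Run the checked reader over one sample and return its result code. */
int parse_sample(const uint8_t *msg, size_t n)
{
    char dst[FIELD_MAX];
    return read_field_checked(msg, n, dst);
}

int main(void)
{
    /* 0 when the well-formed sample parses and both bad ones are rejected */
    return !(parse_sample(GOOD, sizeof GOOD) == 5 &&
             parse_sample(OVERSIZED, sizeof OVERSIZED) == -2 &&
             parse_sample(TRUNCATED, sizeof TRUNCATED) == -3);
}
```

The two checks are separate on purpose: the first bounds the write into the destination, the second bounds the read from the received data.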