Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 17 Mar 2017 18:12:02 -0700
From: Seth Arnold <seth.arnold@...onical.com>
To: oss-security@...ts.openwall.com
Cc: security@...ntu.com
Subject: CVE-2017-6967 xrdp PAM auth_start_session()

Hello, CVE-2017-6967 has been assigned to xrdp for an incorrect placement
of auth_start_session().

Full details are at:
https://github.com/neutrinolabs/xrdp/issues/350
https://github.com/neutrinolabs/xrdp/pull/694
https://github.com/neutrinolabs/xrdp/pull/695
https://bugs.launchpad.net/ubuntu/+source/xrdp/+bug/1672742

I believe this is the change upstream has chosen to use:

https://github.com/neutrinolabs/xrdp/pull/696/commits/44129acd210c803fc8bbcfaf1b0db05e5bb4034f

Thanks

Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ