-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 27 Mar 2017 08:49:09 +0200 Source: xrdp Binary: xrdp Architecture: source i386 Version: 0.5.0-2+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Vincent Bernat <bernat@debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: xrdp - Remote Desktop Protocol (RDP) server Changes: xrdp (0.5.0-2+deb7u1) wheezy-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2017-6967: xrdp calls the PAM function auth_start_session() in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass. Checksums-Sha1: 07d9d6dcfcf02e3090e04e49447c0c0812894eee 2063 xrdp_0.5.0-2+deb7u1.dsc 7fe3a2fa1cfc68d128a75d204723074ed9ab3977 311756 xrdp_0.5.0.orig.tar.gz 292a85969ad04a927e3bfb8feea51f5960b8cb00 13596 xrdp_0.5.0-2+deb7u1.debian.tar.gz ce4f2a900170a370c0394551e4fa2d5f31b2d6b2 271216 xrdp_0.5.0-2+deb7u1_i386.deb Checksums-Sha256: b453f71503dd9149cf05e9f2a8e7aa7b73fca5e9223a19fcc16e21c20ccbdfd4 2063 xrdp_0.5.0-2+deb7u1.dsc 5167c23b67605f05be42e99735b08fd06a5813f3e5f225274b33e89adf12ff9c 311756 xrdp_0.5.0.orig.tar.gz 4a046f8c36079bb7fd40dc85f6f0630f1953df9054a66bab3423b7a00874e043 13596 xrdp_0.5.0-2+deb7u1.debian.tar.gz 6ec658297ed9f32c73de0e85665cac8a9ac81bb9aa164852c70a0ee823224cf8 271216 xrdp_0.5.0-2+deb7u1_i386.deb Files: 20b4fd0ef435c4181695443ae9ed6b40 2063 net optional xrdp_0.5.0-2+deb7u1.dsc 995dfe4bce30d472ef18d701c4109993 311756 net optional xrdp_0.5.0.orig.tar.gz 05889b44b7b27f48acae3e1827e1ad54 13596 net optional xrdp_0.5.0-2+deb7u1.debian.tar.gz 1bb5bee642f678d4271e4368c1354e71 271216 net optional xrdp_0.5.0-2+deb7u1_i386.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAljYv/xfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkPOYP/3asaubmS7lUpwE6UytQEfFYk0yySTIQYeVc H0DlmuCKPKqkdL6YZOKYJm1R7LJArXaiif+qk7Kk6JZZrqtJMpii9PGdPGKYaa8u nBS8N63n+uoJiTxSYmkWom1DZSseoZDEcwaqdYPSwSOKGn4OOnq+wKcGOIYgyqgt OY+nnkz3lYgPymgjx+SrjgMvikqHiOwhuEWVUMOysdQ/oJA8DP4/PYprf0+yImJO IU6LJNe0iCBMESYB+arKIz9UyJG2KQaTSTT+XP1xIuRXAHpMdy2Y7AxMPL7b6JOb trYGpV5vCpS6gUrwKeVM1Aq/kZw1SDrzTIj4UUyVfW9eyNHZimqgxn3R4A1cVMaW K/awuGTDI7CA+Ium/9LKC8UP8eITaz6j2pL4eNCrDljdlv51x1KNDTqsXilv7Xm4 8GhVG7gABmX5DDth96+ZDFrYBTzrzu5xugCjq6VDanWoZ9m7W3JY8ANw9zlUXbsH kCw7leZ0N2EX96FhDIdgj4/Six18nDITsglhJCE2A7/+RuCBrlH+XyRhSrE4iTYf raAL/a8Bf172CoUPeSr28Lhi02mHU2Wpdmpdzf8nj8aJ9AFVoT23jInhJuQRiHw7 +kL8meT3gnU8cWXG+0f4ggj9XG8ZwmNlIWmn3M2s6tmvGJ0uzHqThfYGpXN/dXOH maVKiZl8 =fxrZ -----END PGP SIGNATURE-----