openSUSE has issued an advisory on February 3: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/FMYGECEBC7XEBNQ2ZHXYRQBLCMHHXKP5/ CVE-2024-39917 is fixed in 0.10.1 so only Mageia 9 is affected.
CVE: (none) => CVE-2024-39917Source RPM: (none) => xrdp-0.9.23.1-1.mga9.src.rpmStatus comment: (none) => Patch available from openSUSE
Suggested advisory: ======================== The updated packages fix a security vulnerability: xrdp allows an ininite number of login attempts. (CVE-2024-39917) References: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/FMYGECEBC7XEBNQ2ZHXYRQBLCMHHXKP5/ ======================== Updated packages in core/updates_testing: ======================== xrdp-0.9.23.1-1.1.mga9 xrdp-devel-0.9.23.1-1.1.mga9 from SRPM: xrdp-0.9.23.1-1.1.mga9.src.rpm
Assignee: bugsquad => qa-bugsStatus: NEW => ASSIGNEDStatus comment: Patch available from openSUSE => (none)
MGA9-64 Xfce on Compaq H000SB. No installation issues Ref bug 31309 Comment 8 for testing: On this laptop: # systemctl start xrdp # systemctl start xrdp-sesman.service # systemctl -l status xrdp ● xrdp.service - xrdp daemon Loaded: loaded (/usr/lib/systemd/system/xrdp.service; disabled; preset: di> Active: active (running) since Thu 2025-02-06 16:13:49 CET; 21min ago Docs: man:xrdp(8) man:xrdp.ini(5) Main PID: 20836 (xrdp) Tasks: 1 (limit: 8806) Memory: 1.6M CPU: 15.824s CGroup: /system.slice/xrdp.service └─20836 /usr/sbin/xrdp --nodaemon Feb 06 16:32:06 mach3.hviaene.thuis xrdp[23188]: [INFO ] VNC receiving name len> Feb 06 16:32:06 mach3.hviaene.thuis xrdp[23188]: [INFO ] VNC receiving name Feb 06 16:32:06 mach3.hviaene.thuis xrdp[23188]: [INFO ] VNC sending pixel form> Feb 06 16:32:06 mach3.hviaene.thuis xrdp[23188]: [INFO ] VNC sending cursor Feb 06 16:32:06 mach3.hviaene.thuis xrdp[23188]: [INFO ] VNC connection complet> Feb 06 16:32:06 mach3.hviaene.thuis xrdp[23188]: [INFO ] VNC: Clipboard (if ava> Feb 06 16:32:06 mach3.hviaene.thuis xrdp[23188]: [INFO ] connected ok Feb 06 16:32:06 mach3.hviaene.thuis xrdp[23188]: [INFO ] Layout from OldLayout > Port 3389 was already open in MCC. On desktop PC (which already had freerdp installed) entered the command: xfreerdp /v:mach3 /u:<userid> /p:<passwd> Then after allowing the certificate, the desktop opened and was able to open caja and browse the files of the user on the laptop. Looks OK to me. Note: I aborted a first try when running Pl
CC: (none) => herman.viaene
Continuing .... Note: I aborted a first try when running Plasma Wayland on ythis laptop. Connection from the desktop was made OK, but the Plasma desktop took soooo long, that I simply gave up. No errors were reported. I feel this is similar to previous updates, but I would be reassured if someone with a more powerfull machine could demonstrate Plasma.
Keywords: (none) => advisory
CC: (none) => mageia
I don't know why but after a connection from the laptop to the desktop I get a window like I just have window manager, perhaps because I'm running lxqt in both systems I can run applications from my desktop in my laptop, so this is a few better for previous try where I could not do connection
CC: (none) => andrewsfarmWhiteboard: (none) => MGA9-64-OK
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0044.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED