Bug 35111 - xrdp new security issue CVE-2025-68670
Summary: xrdp new security issue CVE-2025-68670
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal
Severity: normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:

Reported: 2026-02-09 15:32 CET by Nicolas Salguero
Modified: 2026-02-11 18:57 CET

See Also:
Source RPM: xrdp-0.9.23.1-1.1.mga9.src.rpm
CVE: CVE-2025-68670
Status comment:
herman.viaene: test_passed_mga9_64+


Description Nicolas Salguero 2026-02-09 15:32:55 CET
Debian has issued an advisory on February 7:
https://lists.debian.org/debian-security-announce/2026/msg00032.html
Comment 1 Nicolas Salguero 2026-02-09 15:44:15 CET
Suggested advisory:
========================

The updated packages fix a security vulnerability:

xrdp improperly checks bounds of domain string length, which leads to a stack-based buffer overflow. (CVE-2025-68670)

References:
https://lists.debian.org/debian-security-announce/2026/msg00032.html
========================

Updated packages in core/updates_testing:
========================
xrdp-0.9.23.1-1.2.mga9
xrdp-devel-0.9.23.1-1.2.mga9

from SRPM:
xrdp-0.9.23.1-1.2.mga9.src.rpm

Source RPM: (none) => xrdp-0.9.23.1-1.1.mga9.src.rpm
Status: NEW => ASSIGNED
Assignee: bugsquad => qa-bugs
CVE: (none) => CVE-2025-68670
Version: Cauldron => 9
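To illustrate the bug class the advisory names (a length-prefixed string copied into a fixed-size stack buffer without validating the declared length against the buffer), here is an added C example. It is constructed for this page and is not xrdp's code: the field layout (16-bit little-endian length followed by the bytes), the DOMAIN_MAX limit, the sample message and all function names are assumptions. The parser rejects a declared length that would not fit the destination and a payload that is shorter than its prefix claims, which are the two checks a reviewer looks for in this kind of code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed limit for the domain field; the destination is a fixed stack buffer. */
#define DOMAIN_MAX 64
#define USER_MAX   64

/* Cursor over an input buffer: remaining bytes and their length. */
typedef struct {
    const uint8_t *p;
    size_t len;
} reader_t;

/* Read one length-prefixed string (u16 little-endian length, then bytes)
 * into out[out_size]. Returns 0 on success, -1 if the prefix is truncated,
 * the declared length would not fit out (including the NUL), or the payload
 * is shorter than declared. The "n >= out_size" test is the bounds check
 * whose absence characterises the advisory's bug class. */
int read_lp_string(reader_t *r, char *out, size_t out_size)
{
    if (r->len < 2)
        return -1;                              /* truncated length prefix */
    uint16_t n = (uint16_t)(r->p[0] | (r->p[1] << 8));
    r->p += 2;
    r->len -= 2;
    if (n >= out_size)
        return -1;                              /* would overflow the fixed buffer */
    if (n > r->len)
        return -1;                              /* payload shorter than declared */
    memcpy(out, r->p, n);
    out[n] = '\0';
    r->p += n;
    r->len -= n;
    return 0;
}

/* Parse a constructed "client info" fragment: domain, then username.
 * Both destinations are caller-provided fixed-size buffers. */
int parse_client_info(const uint8_t *buf, size_t len,
                      char *domain, size_t dsz, char *user, size_t usz)
{
    reader_t r = { buf, len };
    if (read_lp_string(&r, domain, dsz) != 0)
        return -1;
    if (read_lp_string(&r, user, usz) != 0)
        return -1;
    return 0;
}

/* Constructed well-formed message: domain "CORP", user "alice". */
static const uint8_t msg_ok[] = {
    0x04, 0x00, 'C', 'O', 'R', 'P',
    0x05, 0x00, 'a', 'l', 'i', 'c', 'e'
};
/* Constructed message declaring a 65535-byte domain (must be rejected). */
static const uint8_t msg_oversize[] = { 0xff, 0xff, 'C', 'O', 'R', 'P' };
/* Constructed message whose domain payload is cut short (must be rejected). */
static const uint8_t msg_truncated[] = { 0x04, 0x00, 'C', 'O' };

/* Each demo returns 1 when the parser behaves as intended. */
int demo_accepts_valid(void)
{
    char domain[DOMAIN_MAX], user[USER_MAX];
    int rc = parse_client_info(msg_ok, sizeof msg_ok,
                               domain, sizeof domain, user, sizeof user);
    return rc == 0 && strcmp(domain, "CORP") == 0 && strcmp(user, "alice") == 0;
}

int demo_rejects_oversize(void)
{
    char domain[DOMAIN_MAX], user[USER_MAX];
    return parse_client_info(msg_oversize, sizeof msg_oversize,
                             domain, sizeof domain, user, sizeof user) == -1;
}

int demo_rejects_truncated(void)
{
    char domain[DOMAIN_MAX], user[USER_MAX];
    return parse_client_info(msg_truncated, sizeof msg_truncated,
                             domain, sizeof domain, user, sizeof user) == -1;
}

int main(void)
{
    printf("valid accepted:      %d\n", demo_accepts_valid());
    printf("oversize rejected:   %d\n", demo_rejects_oversize());
    printf("truncated rejected:  %d\n", demo_rejects_truncated());
    return 0;
}
```

The declared length is checked against the destination size before any copy, and against the bytes actually remaining in the input afterwards; either check alone leaves one way to read or write past a buffer, which is why both appear.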

katnatek 2026-02-10 03:53:55 CET

Keywords: (none) => advisory

Comment 2 Herman Viaene 2026-02-10 14:47:07 CET
MGA9-64 MATE on Compaq H000SB.
No installation issues.
Running MATE i.s.o. usual Plasma Wayland, because connecting from my desktop PC works OK, but starting the DE is impossibly slow with Plasma Wayland or X11.
So ref bug 33985.
On the laptop.
# systemctl start xrdp
# systemctl start xrdp-sesman.service
# systemctl -l status xrdp
● xrdp.service - xrdp daemon
     Loaded: loaded (/usr/lib/systemd/system/xrdp.service; disabled; preset: disabled)
     Active: active (running) since Tue 2026-02-10 14:32:26 CET; 12s ago
       Docs: man:xrdp(8)
             man:xrdp.ini(5)
   Main PID: 47995 (xrdp)
      Tasks: 1 (limit: 8805)
     Memory: 1.0M
        CPU: 27ms
     CGroup: /system.slice/xrdp.service
             └─47995 /usr/sbin/xrdp --nodaemon

Feb 10 14:32:26 mach3.hviaene.thuis systemd[1]: Started xrdp.service.
Opened port 3389.

On the desktop:
xfreerdp /v:mach3 /u:<userid> /p:<passwd>
MATE opened OK, I could use caja to display the contents of the laptop and made a .wav file play on the laptop.
OK for me.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA9-64-OK
Flags: (none) => test_passed_mga9_64+

Comment 3 PC LX 2026-02-10 15:42:31 CET
Installed and tested without issues.

Tested using krdc client. Session started and worked without issues.
I only tested on localhost, and don't have time now to test over the internet, but should work with a ssh tunnel or if the port is open on the firewall.

System: Mageia 9, x86_64, IceWM, AMD Ryzen 5 5600G with Radeon Graphics using amdgpu driver.

# uname -a
Linux jupiter 6.6.120-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Jan 14 01:59:53 UTC 2026 x86_64 GNU/Linux
# rpm -qa | grep xrdp
xrdp-0.9.23.1-1.2.mga9
# systemctl status xrdp
● xrdp.service - xrdp daemon
     Loaded: loaded (/usr/lib/systemd/system/xrdp.service; disabled; preset: disabled)
     Active: active (running) since Tue 2026-02-10 14:32:39 WET; 3min 38s ago
       Docs: man:xrdp(8)
             man:xrdp.ini(5)
   Main PID: 32701 (xrdp)
      Tasks: 1 (limit: 37586)
     Memory: 2.8M
        CPU: 339ms
     CGroup: /system.slice/xrdp.service
             └─32701 /usr/sbin/xrdp --nodaemon

fev 10 14:34:22 jupiter xrdp[32929]: [INFO ] connected ok
fev 10 14:34:22 jupiter xrdp[32929]: [INFO ] Layout from OldLayout (geom=1920x1080 #screens=1) : 1804289383:(1920x1080+0+0)
<SNIP>
# systemctl status xrdp-sesman
● xrdp-sesman.service - xrdp session manager
     Loaded: loaded (/usr/lib/systemd/system/xrdp-sesman.service; disabled; preset: disabled)
     Active: active (running) since Tue 2026-02-10 14:32:39 WET; 3min 43s ago
       Docs: man:xrdp-sesman(8)
             man:sesman.ini(5)
   Main PID: 32700 (xrdp-sesman)
      Tasks: 1 (limit: 37586)
     Memory: 1.3M
        CPU: 77ms
     CGroup: /system.slice/xrdp-sesman.service
             └─32700 /usr/sbin/xrdp-sesman --nodaemon

fev 10 14:34:22 jupiter xrdp-sesman[32942]: [INFO ] [session start] (display 10): calling auth_start_session from pid 32942
fev 10 14:34:22 jupiter xrdp-sesman[32700]: [ERROR] sesman_data_in: scp_process_msg failed
fev 10 14:34:22 jupiter xrdp-sesman[32700]: [ERROR] sesman_main_loop: trans_check_wait_objs failed, removing trans
fev 10 14:34:22 jupiter xrdp-sesman[32942]: pam_unix(xrdp-sesman:session): session opened for user pclx(uid=1000) by (uid=0)
fev 10 14:34:22 jupiter xrdp-sesman[32942]: [INFO ] Found X server running at /tmp/.X11-unix/X10
fev 10 14:34:22 jupiter xrdp-sesman[32942]: [INFO ] Session started successfully for user pclx on display 10
fev 10 14:34:22 jupiter xrdp-sesman[32942]: [INFO ] Session in progress on display 10, waiting until the window manager (pid 32945) exits to end the session
fev 10 14:34:22 jupiter xrdp-sesman[33080]: localhost being added to access control list
fev 10 14:35:03 jupiter xrdp-sesman[32700]: [INFO ] Process 32942 has exited
fev 10 14:35:03 jupiter xrdp-sesman[32700]: [INFO ] ++ terminated session:  username pclx, display :10.0, session_pid 32942, ip ::ffff:127.0.0.1:40492 - socket: 12

CC: (none) => mageia

Comment 4 Thomas Andrews 2026-02-10 23:32:59 CET
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 5 Mageia Robot 2026-02-11 18:57:21 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2026-0037.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
