Home / mailingsPDF  

[USN-8476-1] xrdp vulnerabilities

Posted on 25 June 2026
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-8476-1
June 25, 2026

xrdp vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in xrdp.

Software Description:
- xrdp: an open source RDP server

Details:

It was discovered that xrdp incorrectly handled bounds checking when
processing user domain information during the connection sequence. An
unauthenticated remote attacker could use this issue to cause xrdp to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2025-68670)

It was discovered that xrdp did not correctly enforce the maximum number of
login attempts configured by the MaxLoginRetry parameter. A remote attacker
could use this issue to perform an unlimited number of login attempts.
(CVE-2024-39917)

It was discovered that xrdp did not perform bounds checking when accessing
font glyphs. Since some of this data is controllable by the user, a remote
attacker could use this issue to cause xrdp to read out of bounds. This
issue only affected Ubuntu 24.04 LTS. (CVE-2023-42822)

It was discovered that xrdp did not properly handle session establishment
errors. A remote attacker could use this issue to bypass OS-level session
restrictions enforced by PAM, such as the maximum number of concurrent
sessions per user. This issue only affected Ubuntu 24.04 LTS.
(CVE-2023-40184)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
xrdp 0.10.1-3.1+deb13u1build0.25.10.1

Ubuntu 24.04 LTS
xrdp 0.9.24-4ubuntu0.1~esm1
Available with Ubuntu Pro

Ubuntu 22.04 LTS
xrdp 0.9.17-2ubuntu3+esm2
Available with Ubuntu Pro

Ubuntu 20.04 LTS
xrdp 0.9.12-1ubuntu0.1+esm2
Available with Ubuntu Pro

Ubuntu 18.04 LTS
xorgxrdp 0.9.5-2ubuntu0.1~esm3
Available with Ubuntu Pro
xrdp 0.9.5-2ubuntu0.1~esm3
Available with Ubuntu Pro
xrdp-pulseaudio-installer 0.9.5-2ubuntu0.1~esm3
Available with Ubuntu Pro

After a standard system update you need to restart xrdp to make all the
necessary changes.

References:
https://ubuntu.com/security/notices/USN-8476-1
CVE-2023-40184, CVE-2023-42822, CVE-2024-39917, CVE-2025-68670

Package Information:
https://launchpad.net/ubuntu/+source/xrdp/0.10.1-3.1+deb13u1build0.25.10.1

--===============8980692594978643967==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP

Mailings :

Exploits :