Ubuntu Security Notice 6469-1 - Ashley Newson discovered that xrdp incorrectly handled memory when processing certain incoming connections. An attacker could possibly use this issue to cause a denial of service or arbitrary code execution.
27f22e8c4599953e60c42928e27a91e4846b71c55ab10ff261b55486e50e373b
Debian Linux Security Advisory 4737-1 - Ashley Newson discovered that the XRDP sessions manager was susceptible to denial of service. A local attacker can further take advantage of this flaw to impersonate the XRDP sessions manager and capture any user credentials that are submitted to XRDP, approve or reject arbitrary login credentials or to hijack existing sessions for xorgxrdp sessions.
86f96365681dacb8d32cdae9fe2abe14c91547d447b127933e2db1853dfdd01d