Date:      Fri, 30 Jan 2026 13:02:42 +0000
From:      Koichiro Iwao <meta@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 4f024b963a2d - main - security/vuxml: Document xrdp RCE vulnerability
Message-ID:  <697cabf2.20709.8a72c7a@gitrepo.freebsd.org>


The branch main has been updated by meta:

URL: https://cgit.FreeBSD.org/ports/commit/?id=4f024b963a2d48f7c00362d8b47a1b185eb7df27

commit 4f024b963a2d48f7c00362d8b47a1b185eb7df27
Author:     Koichiro Iwao <meta@FreeBSD.org>
AuthorDate: 2026-01-30 02:52:33 +0000
Commit:     Koichiro Iwao <meta@FreeBSD.org>
CommitDate: 2026-01-30 13:02:08 +0000

    security/vuxml: Document xrdp RCE vulnerability
    
    Security:       https://www.cve.org/CVERecord?id=CVE-2025-68670
    Security:       https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rwvg-gp87-gh6f
---
 security/vuxml/vuln/2026.xml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml
index f2e8c68c451f..bcfd780ce523 100644
--- a/security/vuxml/vuln/2026.xml
+++ b/security/vuxml/vuln/2026.xml
@@ -1,3 +1,29 @@
+  <vuln vid="232e16cc-fd83-11f0-981a-98b78501ef2a">
+    <topic>xrdp -- remote code execution</topic>
+    <affects>
+<package>
+<name>xrdp</name>
+<range><lt>0.10.5</lt></range>
+</package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>Denis Skvortsov, Security Researcher at Kaspersky reports:</p>
+	<blockquote cite="https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rwvg-gp87-gh6f">;
+	  <p>xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote attackers to execute arbitrary code on the target system.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2025-68670</cvename>
+      <url>https://www.cve.org/CVERecord?id=CVE-2025-68670</url>;
+    </references>
+    <dates>
+      <discovery>2025-12-06</discovery>
+      <entry>2026-01-27</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="8173e68a-88f3-4862-882c-6e58779d98e7">
     <topic>zeek -- potential DoS vulnerability</topic>
     <affects>
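
Review bot: The `<entry>2026-01-27</entry>` date in the new `<dates>` block is three days earlier than this commit's AuthorDate and CommitDate (2026-01-30); it should be the date the entry actually lands in the tree, otherwise tooling that filters entries by date can treat the record as older than it is. Separately, `<references>` lists only the CVE record, although the blockquote's `cite` attribute and the commit message both point to the GHSA-rwvg-gp87-gh6f advisory; adding a second `<url>` for that advisory would keep the quoted source reachable from the references list. The `<package>`, `<name>` and `<range>` lines under `<affects>` are also flush-left while the rest of the entry is indented, which is worth aligning with the neighbouring entries. If the `;` following the `<body ...>`, `<blockquote ...>` and `</url>` tags is in the file itself and not introduced by the archive rendering, it is stray character data and should be dropped.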

