To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Koichiro Iwao
Subject: git: 4f024b963a2d - main - security/vuxml: Document xrdp RCE vulnerability
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
X-BeenThere: dev-commits-ports-main@freebsd.org
Sender: owner-dev-commits-ports-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: meta
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 4f024b963a2d48f7c00362d8b47a1b185eb7df27
Auto-Submitted: auto-generated
Date: Fri, 30 Jan 2026 13:02:42 +0000
Message-Id: <697cabf2.20709.8a72c7a@gitrepo.freebsd.org>

The branch main has been updated by meta:

URL: https://cgit.FreeBSD.org/ports/commit/?id=4f024b963a2d48f7c00362d8b47a1b185eb7df27

commit 4f024b963a2d48f7c00362d8b47a1b185eb7df27
Author:     Koichiro Iwao
AuthorDate: 2026-01-30 02:52:33 +0000
Commit:     Koichiro Iwao
CommitDate: 2026-01-30 13:02:08 +0000

    security/vuxml: Document xrdp RCE vulnerability

    Security: https://www.cve.org/CVERecord?id=CVE-2025-68670
    Security: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rwvg-gp87-gh6f
---
 security/vuxml/vuln/2026.xml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index f2e8c68c451f..bcfd780ce523 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,3 +1,29 @@ + + xrdp -- remote code execution + + +xrdp +0.10.5 + + + + +

Denis Skvortsov, Security Researcher at Kaspersky reports:

+
+

xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote attackers to execute arbitrary code on the target system.

+
+ +
+ + CVE-2025-68670 + https://www.cve.org/CVERecord?id=CVE-2025-68670 + + + 2025-12-06 + 2026-01-27 + +
+ zeek -- potential DoS vulnerability
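
Review bot: The references near the end of the new xrdp entry carry only the cve.org URL, although the commit message also cites the upstream advisory GHSA-rwvg-gp87-gh6f; adding https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-rwvg-gp87-gh6f as a second URL reference would point readers of the entry at the upstream advisory. The second of the two dates, 2026-01-27, is earlier than the AuthorDate and CommitDate of 2026-01-30; if it is the entry date, it should be the date the entry lands. The element markup is stripped in this archived copy, so the version bound on 0.10.5 cannot be checked here, but it should be a less-than bound to match the description's "before v0.10.5".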