Hello World,
This will be a quick post related to xRDP & availability of a new release.
So, as you should know by now, xRDP team tends to release new version every 3 to 4 months and make the release cycle predictable. The last release was around Sept 2022 and the release version was 0.9.20. So, we were expecting some new releases in January 2023. However, we have been notified that a new release is already available since December 10, 2022. The latest version of the xRDP is set to 0.9.21.x and tackle a number of security issues (mainly buffer overflow)
Overview
xRDP is a software package that provide remote desktop capabilities against a Linux machine and mimics the Remote Desktop capabilities that can be found in Windows Operating system. Using xRDP, you can basically use your standard remote desktop client on Windows or Linux and you can remotely access your Linux Desktop interface. The team behind the software is releasing on regular basis updates. These updates can introduces new features and/or can address security issues.
The bleeding edge version of xRDP packages are as of today the following
-
- xrdp version 0.9.21.1 has been released in September 15, 2022
- xorgxrdp version 0.9.19 has been released in September 9, 2022 which is the latest version of the software
xRDP 0.9.21.1 Release
You can find the release notes for the xrdp package (and more specifically 0.9.21 & 0.9.21.1) by visiting this page
The release 0.9.21.0 is tackling a number of security issues that have been reported. This update is recommended for all users that are running previous versions of xRDP package. We are providing for your information the different security fixes that the release 0.9.21.x is fixing
- CVE-2022-23468
- CVE-2022-23477
- CVE-2022-23478
- CVE-2022-23479
- CVE-2022-23480
- CVE-2022-23481
- CVE-2022-23483
- CVE-2022-23482
- CVE-2022-23484
- CVE-2022-23493
Version 0.9.21.1 is really a minor update that includes a fix for users that want to build the xrdp package on a distribution other than Arch,Debian,SUSE,Red Hat,FreeBSD and macOsquired to use this release. This release will include the security fixes shipping with version 0.9.21.
Important Note :
Your Linux Distribution will usually not ship with the latest version of the xRDP package. So, if you want to use the latest version of xRDP, you will need to compile the software from sources. You can also use our famous xrdp-installer script that simplifies and automate the installation. (see https://www.c-nergy.be/products.html). Please note that the latest version of the script has not been tested against xrdp pacakge 0.9.21.x yet.
Moreover, the script when using the custom installation mode will install binaries from the dev branch. (so you might end up with version number like 0.9.80). A new version of the script is being worked out and will target the latest production release rather than the dev code. No time frame can be provided at this moment.. We have too many projects and activities ongoing….
Final Notes
This is it for this post !
As promised, this is really a short post but rather important. Indeed, the xrdp team has made this latest xrdp release available (0.9.21.x) in order to fix a number of security issues that you should be aware of. If you are running a previous version of the package, it would be wise and recommended to install the latest version of the package.
Please note that the xRDP package shipping with your Ubuntu Operating system might not be the latest release version. You will need to check if some updates would be made available by the OS provider. If no updates are provided, you might want to build from sources and deploy the latest version of the xRDP Package… At time of writing, Ubuntu is not providing any updates of the xrdp package as shown in their cve web page (see : https://ubuntu.com/security/cves?q=CVE-2022-23468)
We are working on a new version of the xrdp-installer script to tackle some identified (minor) issues. When ready, this script release will install the version 0.9.21.x on your system
Stay tuned…
Till Next time
See ya
Hello,
May we ask you some questions? currently, we’re running xrdp-0.9.12 on ubuntu 20, but faces lots of CVEs can not be fixed without ubuntu pro(esm packages).
So, we’re considering upgrade to 0.9.21 or the latest version on our ubuntu 20.04 servers, is that compatible?
Thanks in advance!
@Gary,
Thank you for visiting our blog and sharing your concerns… As far as I know, yes, you can install version xrdp 0.9.21 on Ubuntu version 20.04. There should be no compatibility issue.
To get latest xrdp package, you will need to compile from source…
Hope this help
Till next time
See ya