Fedora Security Advisories

xrdp-0.10.5-1.el9

17 hours 41 minutes ago
FEDORA-EPEL-2026-d12ea63356
Packages in this update:
  • xrdp-0.10.5-1.el9
Update description:

Release notes for xrdp v0.10.5 (2026/01/27)

Security fixes

  • CVE-2025-68670: Improper bounds checking of domain string length leads to Stack-based Buffer Overflow

New features

  • It is now possible to start the xrdp daemon entirely unprivileged from the service manager (#3599 #3603). If you do this, certain restrictions will apply. See https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-root for details.
  • TLS pre-master secrets can now be recorded for packet captures (#3617)
  • Add a FuseRootReportMaxFree to work around 'no free space' issues with some file managers (#3639)
  • Alternate shell names can now be passed to startwm.sh in an environment variable for more system management control (#3624 #3651)
  • Updated Xorg paths in sesman.ini to include more recent distros (#3663)
  • Add Slovenian keyboard (#3668 #3670)
  • xrdpapi: Add a way to monitor connect/disconnect events (#3693)

Bug fixes

  • Allow an empty X11 UTF8_STRING to be pasted to the clipboard (#3580 #3582)
  • Fix a regression introduced in v0.10.x, where it became impossible to connect to a VNC server which did not support the ExtendedDesktopSize encoding (#3540 #3584)
  • Fix a regression introduced in v0.10.x related to PAM groups handling (#3594)
  • Inconsistencies with [MS-RDPBCGR] have been addressed (#3608)
  • A reference to uninitialised data within the verify_user_pam_userpass.c module has been fixed (#3638)
  • Prevent some possible crashes when the RFX encoder is resized (#3590 #3644)
  • Fixes a regression introduced by GFX development which prevented the JPEG encoder from working correctly (#3649)
  • Fixes a regression introduced by #2974 which resulted in the xrdp PID file being deleted unexpectedly (#3650)
  • Do not overwrite a VNC port set by the user when not using sesman (#3674)
  • Fix regression from 0.9.x when freerdp client uses /workarea (#3618 #3676)
  • Fixes a crash where a resize is attempted with drdynvc disabled (#3672 #3680)
  • getgrouplist() now compiles on macOS (#3575)
  • Various Coverity warnings have been addressed (#3656)
  • Documentation improvements (#3665)

Internal changes

  • An unnecessary include of sys/signal.h causing a compile warning on MUSL-C has been removed (#3679)

xrdp-0.10.5-1.fc42

17 hours 41 minutes ago
FEDORA-2026-b409dad73e
Packages in this update:
  • xrdp-0.10.5-1.fc42
Update description:

Release notes for xrdp v0.10.5 (2026/01/27)

Security fixes

  • CVE-2025-68670: Improper bounds checking of domain string length leads to Stack-based Buffer Overflow

New features

  • It is now possible to start the xrdp daemon entirely unprivileged from the service manager (#3599 #3603). If you do this, certain restrictions will apply. See https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-root for details.
  • TLS pre-master secrets can now be recorded for packet captures (#3617)
  • Add a FuseRootReportMaxFree to work around 'no free space' issues with some file managers (#3639)
  • Alternate shell names can now be passed to startwm.sh in an environment variable for more system management control (#3624 #3651)
  • Updated Xorg paths in sesman.ini to include more recent distros (#3663)
  • Add Slovenian keyboard (#3668 #3670)
  • xrdpapi: Add a way to monitor connect/disconnect events (#3693)

Bug fixes

  • Allow an empty X11 UTF8_STRING to be pasted to the clipboard (#3580 #3582)
  • Fix a regression introduced in v0.10.x, where it became impossible to connect to a VNC server which did not support the ExtendedDesktopSize encoding (#3540 #3584)
  • Fix a regression introduced in v0.10.x related to PAM groups handling (#3594)
  • Inconsistencies with [MS-RDPBCGR] have been addressed (#3608)
  • A reference to uninitialised data within the verify_user_pam_userpass.c module has been fixed (#3638)
  • Prevent some possible crashes when the RFX encoder is resized (#3590 #3644)
  • Fixes a regression introduced by GFX development which prevented the JPEG encoder from working correctly (#3649)
  • Fixes a regression introduced by #2974 which resulted in the xrdp PID file being deleted unexpectedly (#3650)
  • Do not overwrite a VNC port set by the user when not using sesman (#3674)
  • Fix regression from 0.9.x when freerdp client uses /workarea (#3618 #3676)
  • Fixes a crash where a resize is attempted with drdynvc disabled (#3672 #3680)
  • getgrouplist() now compiles on macOS (#3575)
  • Various Coverity warnings have been addressed (#3656)
  • Documentation improvements (#3665)

Internal changes

  • An unnecessary include of sys/signal.h causing a compile warning on MUSL-C has been removed (#3679)

xrdp-0.10.5-1.el8

17 hours 41 minutes ago
FEDORA-EPEL-2026-5c626357f7
Packages in this update:
  • xrdp-0.10.5-1.el8
Update description:

Release notes for xrdp v0.10.5 (2026/01/27)

Security fixes

  • CVE-2025-68670: Improper bounds checking of domain string length leads to Stack-based Buffer Overflow

New features

  • It is now possible to start the xrdp daemon entirely unprivileged from the service manager (#3599 #3603). If you do this, certain restrictions will apply. See https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-root for details.
  • TLS pre-master secrets can now be recorded for packet captures (#3617)
  • Add a FuseRootReportMaxFree to work around 'no free space' issues with some file managers (#3639)
  • Alternate shell names can now be passed to startwm.sh in an environment variable for more system management control (#3624 #3651)
  • Updated Xorg paths in sesman.ini to include more recent distros (#3663)
  • Add Slovenian keyboard (#3668 #3670)
  • xrdpapi: Add a way to monitor connect/disconnect events (#3693)

Bug fixes

  • Allow an empty X11 UTF8_STRING to be pasted to the clipboard (#3580 #3582)
  • Fix a regression introduced in v0.10.x, where it became impossible to connect to a VNC server which did not support the ExtendedDesktopSize encoding (#3540 #3584)
  • Fix a regression introduced in v0.10.x related to PAM groups handling (#3594)
  • Inconsistencies with [MS-RDPBCGR] have been addressed (#3608)
  • A reference to uninitialised data within the verify_user_pam_userpass.c module has been fixed (#3638)
  • Prevent some possible crashes when the RFX encoder is resized (#3590 #3644)
  • Fixes a regression introduced by GFX development which prevented the JPEG encoder from working correctly (#3649)
  • Fixes a regression introduced by #2974 which resulted in the xrdp PID file being deleted unexpectedly (#3650)
  • Do not overwrite a VNC port set by the user when not using sesman (#3674)
  • Fix regression from 0.9.x when freerdp client uses /workarea (#3618 #3676)
  • Fixes a crash where a resize is attempted with drdynvc disabled (#3672 #3680)
  • getgrouplist() now compiles on macOS (#3575)
  • Various Coverity warnings have been addressed (#3656)
  • Documentation improvements (#3665)

Internal changes

  • An unnecessary include of sys/signal.h causing a compile warning on MUSL-C has been removed (#3679)

xrdp-0.10.5-1.fc43

17 hours 41 minutes ago
FEDORA-2026-febea89ac3
Packages in this update:
  • xrdp-0.10.5-1.fc43
Update description:

Release notes for xrdp v0.10.5 (2026/01/27)

Security fixes

  • CVE-2025-68670: Improper bounds checking of domain string length leads to Stack-based Buffer Overflow

New features

  • It is now possible to start the xrdp daemon entirely unprivileged from the service manager (#3599 #3603). If you do this, certain restrictions will apply. See https://github.com/neutrinolabs/xrdp/wiki/Running-the-xrdp-process-as-non-root for details.
  • TLS pre-master secrets can now be recorded for packet captures (#3617)
  • Add a FuseRootReportMaxFree to work around 'no free space' issues with some file managers (#3639)
  • Alternate shell names can now be passed to startwm.sh in an environment variable for more system management control (#3624 #3651)
  • Updated Xorg paths in sesman.ini to include more recent distros (#3663)
  • Add Slovenian keyboard (#3668 #3670)
  • xrdpapi: Add a way to monitor connect/disconnect events (#3693)

Bug fixes

  • Allow an empty X11 UTF8_STRING to be pasted to the clipboard (#3580 #3582)
  • Fix a regression introduced in v0.10.x, where it became impossible to connect to a VNC server which did not support the ExtendedDesktopSize encoding (#3540 #3584)
  • Fix a regression introduced in v0.10.x related to PAM groups handling (#3594)
  • Inconsistencies with [MS-RDPBCGR] have been addressed (#3608)
  • A reference to uninitialised data within the verify_user_pam_userpass.c module has been fixed (#3638)
  • Prevent some possible crashes when the RFX encoder is resized (#3590 #3644)
  • Fixes a regression introduced by GFX development which prevented the JPEG encoder from working correctly (#3649)
  • Fixes a regression introduced by #2974 which resulted in the xrdp PID file being deleted unexpectedly (#3650)
  • Do not overwrite a VNC port set by the user when not using sesman (#3674)
  • Fix regression from 0.9.x when freerdp client uses /workarea (#3618 #3676)
  • Fixes a crash where a resize is attempted with drdynvc disabled (#3672 #3680)
  • getgrouplist() now compiles on macOS (#3575)
  • Various Coverity warnings have been addressed (#3656)
  • Documentation improvements (#3665)

Internal changes

  • An unnecessary include of sys/signal.h causing a compile warning on MUSL-C has been removed (#3679)

openqa-5^20250711git28a0214-4.fc42

1 day 7 hours ago
FEDORA-2026-84de1534b1
Packages in this update:
  • openqa-5^20250711git28a0214-4.fc42
Update description:

This update bumps the bundled lodash to 4.17.23 to ensure openQA is protected against CVE-2025-13465. It likely was not vulnerable in any case, though, as I don't believe the vulnerable codepaths were exposed by openQA's use of lodash.

openssl-3.2.6-3.fc42

1 day 9 hours ago
FEDORA-2026-9bb4c555f1
Packages in this update:
  • openssl-3.2.6-3.fc42
Update description:

Don't crash on parsing PKCS#12 without MAC
Resolves: CVE-2025-11187
Resolves: CVE-2025-15467
Resolves: CVE-2025-69419

openssl-3.5.4-2.fc43

1 day 10 hours ago
FEDORA-2026-5f7d0a5656
Packages in this update:
  • openssl-3.5.4-2.fc43
Update description:

Resolves: CVE-2025-15467
Resolves: CVE-2025-15468
Resolves: CVE-2025-15469
Resolves: CVE-2025-66199
Resolves: CVE-2025-68160
Resolves: CVE-2025-69418
Resolves: CVE-2025-69420
Resolves: CVE-2025-69421
Resolves: CVE-2025-69419
Resolves: CVE-2026-22795
Resolves: CVE-2026-22796
Resolves: CVE-2025-11187
