View Issue Details

ID: 0009538
Project: Kali Linux
Category: Kali Package Improvement
View Status: public
Last Update: 2026-02-11 14:41
Reporter: iojymbo
Assigned To: (none)
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Summary: 0009538: Upgrade xrdp to 0.10.1-3.1+deb13u1 (CVE-2025-68670)
Description

Hello,

This may be related to the open bug (https://bugs.kali.org/view.php?id=8958). The Kali xrdp package has been stuck at version 0.9.24-5 since the end of 2024.

The issue is that this version contains a critical RCE vulnerability addressed by CVE-2025-68670 (CVSS v3 score: 9.8). The Debian Security team fixed it in version 0.10.1-3.1+deb13u1 as you can see here: https://security-tracker.debian.org/tracker/CVE-2025-68670

Could you please look into updating this package?

Activities

arnaudr

2026-02-11 14:41

manager   ~0021321

Hello,

I looked at this package just last week. The issue is that xrdp in Debian unstable (version 0.10.1-4.1) is affected by the issues mentioned in https://bugs.kali.org/view.php?id=8958, to the best of my knowledge.

I tested the pair of packages xrdp and xorgxrdp that are currently in Debian experimental; however, these packages are also broken. I pinged the Maintainer about it: https://bugs.debian.org/1127009

I noticed that the CVE was fixed in bookworm; I'll check to see if the patches apply neatly to 0.9.24 as well.

Issue History

Date Modified | Username | Field | Change
2026-02-11 12:27 | iojymbo | New Issue |
2026-02-11 14:41 | arnaudr | Note Added: 0021321 |