View Issue Details

ID: 0009538
Project: Kali Linux
Category: Kali Package Improvement
View Status: public
Last Update: 2026-02-12 10:53
Reporter: iojymbo
Assigned To: arnaudr
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Summary: 0009538: Upgrade xrdp to 0.10.1-3.1+deb13u1 (CVE-2025-68670)
Description

Hello,

This may be related to the open bug (https://bugs.kali.org/view.php?id=8958). The Kali xrdp package has been stuck at version 0.9.24-5 since the end of 2024.

The issue is that this version contains a critical RCE vulnerability addressed by CVE-2025-68670 (CVSS v3 score: 9.8). The Debian Security team fixed it in version 0.10.1-3.1+deb13u1 as you can see here: https://security-tracker.debian.org/tracker/CVE-2025-68670

Could you please look into updating this package?

Activities

arnaudr

2026-02-11 14:41

manager   ~0021321

Hello,

I looked at this package just last week. The issue is that xrdp in Debian unstable (version 0.10.1-4.1) is affected by the issues mentioned in https://bugs.kali.org/view.php?id=8958, to the best of my knowledge.

I tested the pair of packages xrdp and xorgxrdp that are currently in Debian experimental; however, these packages are also broken. I pinged the maintainer about it: https://bugs.debian.org/1127009

I noticed that the CVE was fixed in bookworm; I'll check to see if the patches apply neatly to 0.9.24 as well.

iojymbo

2026-02-11 16:24

reporter   ~0021322

Thank you, Arnaud. I know it is a little tricky to fix this issue...

arnaudr

2026-02-12 10:53

manager   ~0021330

I have uploaded xrdp 0.9.27-0kali1, which should hit Kali rolling in a few hours. It's the latest point release from the upstream branch 0.9, and it contains the patches for CVE-2025-68670.

Thanks for reporting this issue!

Issue History

Date Modified Username Field Change
2026-02-11 12:27 iojymbo New Issue
2026-02-11 14:41 arnaudr Note Added: 0021321
2026-02-11 16:24 iojymbo Note Added: 0021322
2026-02-12 10:53 arnaudr Note Added: 0021330
2026-02-12 10:53 arnaudr Assigned To => arnaudr
2026-02-12 10:53 arnaudr Status new => resolved
2026-02-12 10:53 arnaudr Resolution open => fixed