Hi,

This minor update to the v6.2.x branch contains some security fixes; please update.

The first security issue affects how authentication options are parsed.
Sockets defined using the newer `--bind-XXXX=host:port,auth=module` syntax would not apply the authentication module to connections upgraded to use SSL. A possible workaround is to add `--ssl-auth=module`, or use `--bind-wss` / `--bind-ssl=..` only.

The second issue is an overflow of the picture buffers when handling YUV-to-RGB format conversions for non-OpenGL windows. A hostile server could potentially write user-controlled data beyond the end of the malloced buffer.

The self-contained SBOM script was also added to this branch, so all the MS Windows builds now include a complete SBOM file.

For more details, please see:
https://github.com/Xpra-org/xpra/releases/tag/v6.2.2

Downloads:
https://github.com/Xpra-org/xpra/wiki/Download

Cheers,
Antoine
_______________________________________________
shifter-users mailing list
shifter-users@lists.devloop.org.uk
https://lists.devloop.org.uk/mailman/listinfo/shifter-users
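
An added example, not part of the message above or of the xpra code base: a small audit helper that flags a server command line matching the first issue, i.e. a `--bind-XXXX=host:port,auth=...` socket other than `--bind-ssl` / `--bind-wss` with no `--ssl-auth` workaround. The function name, the constructed sample command lines and the choice to review every non-SSL bind type are assumptions.

```python
import shlex

# Bind types the message names as a safe alternative when used on their own.
SSL_ONLY_BINDS = {"ssl", "wss"}


def audit_xpra_cmdline(cmdline):
    """Return findings for one xpra server command line (hypothetical helper).

    Assumption: any --bind-XXXX socket other than ssl / wss carrying an inline
    auth= option is worth reviewing, because the message does not list which
    socket types can be upgraded to SSL.
    """
    args = shlex.split(cmdline)
    has_ssl_auth = any(a.startswith("--ssl-auth=") for a in args)
    findings = []
    for arg in args:
        if not arg.startswith("--bind-") or "=" not in arg:
            continue
        option, value = arg.split("=", 1)
        bind_type = option[len("--bind-"):]
        # Socket options follow the address as comma-separated key=value pairs.
        inline_auth = [p for p in value.split(",")[1:] if p.startswith("auth=")]
        if not inline_auth or bind_type in SSL_ONLY_BINDS:
            continue
        if not has_ssl_auth:
            findings.append(
                f"{option}: inline {inline_auth[0]} without --ssl-auth; "
                "SSL-upgraded connections may skip authentication before v6.2.2"
            )
    return findings


if __name__ == "__main__":
    # Constructed sample command lines, not taken from the message.
    samples = [
        "xpra start :100 --bind-tcp=0.0.0.0:10000,auth=file:filename=pw.txt",
        "xpra start :100 --bind-tcp=0.0.0.0:10000,auth=file:filename=pw.txt "
        "--ssl-auth=file:filename=pw.txt",
        "xpra start :100 --bind-ssl=0.0.0.0:10000,auth=file:filename=pw.txt",
    ]
    for line in samples:
        print(line, "->", audit_xpra_cmdline(line) or "no finding")
```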
