[winswitch] [ANNOUNCE] Xpra 6.2.2
Antoine Martin
totaam at xpra.org
Thu Dec 12 09:38:18 GMT 2024
Hi,

This minor update to the v6.2.x branch contains some security fixes,
please update.

The first security issue affects how authentication options are parsed.
Sockets defined using the newer `--bind-XXXX=host:port,auth=module`
syntax would not apply the authentication module to connections upgraded
to use SSL.
A possible workaround is to add `--ssl-auth=module`, or use `--bind-wss`
/ `--bind-ssl=..` only.

The second issue is an overflow of the picture buffers when handling
YUV-to-RGB format conversions for non-OpenGL windows.
A hostile server could potentially write user-controlled data beyond the
end of the malloced buffer.

The self-contained SBOM script was also added to this branch, so all the
MS Windows builds now include a complete SBOM file.

For more details, please see:
https://github.com/Xpra-org/xpra/releases/tag/v6.2.2

Downloads:
https://github.com/Xpra-org/xpra/wiki/Download

Cheers,
Antoine