It was discovered that xrdp did not properly validate certain input in the
session manager. A local attacker could possibly use this issue to cause a
denial of service or other unspecified impact. (CVE-2017-16927)
It was discovered that xrdp did not properly initialize PAM session
modules. A remote attacker could possibly use this issue to escalate
privileges. (CVE-2017-6967)