| Summary: | rxvt-unicode new security issue CVE-2022-4170 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, herman.viaene, nicolas.salguero, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | rxvt-unicode-9.26-1.mga8.src.rpm | CVE: | CVE-2022-4170 |
| Status comment: | |||
|
Description
Nicolas Salguero
2022-12-06 09:53:58 CET
Nicolas Salguero
2022-12-06 09:55:19 CET
Whiteboard:
(none) =>
MGA8TOO Suggested advisory: ======================== The updated package fixes a security vulnerability: rxvt-unicode 9.25 and 9.26 are vulnerable to remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. (CVE-2022-4170) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4170 https://www.openwall.com/lists/oss-security/2022/12/05/1 ======================== Updated package in core/updates_testing: ======================== rxvt-unicode-9.26-1.1.mga8 from SRPM: rxvt-unicode-9.26-1.1.mga8.src.rpm Status:
NEW =>
ASSIGNED MGA8-64 MATE on Acer Aspire 5253 No installation issues. Exercised urxvt with commands pwd, various cd, cp, mkdir, rm, mv, rmdir, touch, vi , all worked OK. Whiteboard:
(none) =>
MGA8-64-OK Validating. Advisory in comment 1. CC:
(none) =>
andrewsfarm, sysadmin-bugs
Dave Hodgins
2022-12-13 02:32:37 CET
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0459.html Status:
ASSIGNED =>
RESOLVED |