Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Fedora 40 ET Advisory 2024-b745c97f4b Critical: Data Exposure & CRLF Threat

fedora
Calendar Grey May 2, 2024
Dist Fedora Esm H88
A recent Fedora enhancement for et 6.2.8 resolves significant vulnerabilities related to data leakage and CRLF injection with essential patches.
Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258 Unbundle cpp-httlib, fixing CVE-2023-26130

Summary

Eternal Terminal (ET) is a remote shell that automatically reconnects without

interrupting the session.

Update Information:

Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258 Unbundle cpp-httlib, fixing CVE-2023-26130

Topics%20covered

Topics Covered

security advisory Fedora information exposure remote shell CRLF injection et et update

Change Log

* Tue Apr 30 2024 Michel Lind - 6.2.8-1 - Update to 6.2.8 (rhbz#2162155) - Temporarily rebundle catch2; the version in Fedora is too old * Fri Apr 26 2024 Michel Lind - 6.2.1-15 - Disable unwind on s390x * Fri Apr 26 2024 Michel Lind - 6.2.1-14 - Unbundle cpp-httplib (rhbz#2169585) - Eliminate almost all sed usage - Use find_package to find cxxopts - Use pkg_check_modules to find easylogging++ - Enable SELinux support - Enable unwind support * Thu Apr 25 2024 Michel Lind - 6.2.1-13 - Use SPDX license identifier

References


[ 1 ] Bug #2161247 - CVE-2022-48257 et: EternalTerminal: information exposure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2161247 [ 2 ] Bug #2161251 - CVE-2022-48258 et: MisterTea/EternalTerminal: information exposure [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2161251 [ 3 ] Bug #2162155 - et-6.2.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=2162155 [ 4 ] Bug #2169585 - Please try to use cpp-httplib-devel package https://bugzilla.redhat.com/show_bug.cgi?id=2169585 [ 5 ] Bug #2211077 - CVE-2023-26130 et: cpp-httplib: CRLF Injection [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2211077 [ 6 ] Bug #2211079 - CVE-2023-26130 et: cpp-httplib: CRLF Injection [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2211079

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-b745c97f4b' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: et
Product: Fedora 40
Version: 6.2.8
Release: 1.fc40
URL: https://eternalterminal.dev/
Summary: Remote shell that survives IP roaming and disconnect

Topics%20covered

Topics Covered

security advisory Fedora information exposure remote shell CRLF injection et et update

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here