Mageia 2022-0364: kitty security update | LinuxSecurity.com
MGASA-2022-0364 - Updated kitty packages fix security vulnerability

Publication date: 08 Oct 2022
URL: https://advisories.mageia.org/MGASA-2022-0364.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-41322

In Kitty before 0.26.2, insufficient validation in the desktop
notification escape sequence can lead to arbitrary code execution. The
user must display attacker-controlled content in the terminal, then
click on a notification popup. (CVE-2022-41322)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30930
- https://nvd.nist.gov/vuln/detail/CVE-2022-41322
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/47RK7MBSVY5BWDUTYMJUFPBAYFSWMTOI/
- https://sw.kovidgoyal.net/kitty/changelog/#id2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41322

SRPMS:
- 8/core/kitty-0.26.3-1.mga8

Mageia 2022-0364: kitty security update

In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution

Summary

In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup. (CVE-2022-41322)

References

- https://bugs.mageia.org/show_bug.cgi?id=30930

- https://nvd.nist.gov/vuln/detail/CVE-2022-41322

- https://lists.fedoraproject.org/archives/list/[email protected]/thread/47RK7MBSVY5BWDUTYMJUFPBAYFSWMTOI/

- https://sw.kovidgoyal.net/kitty/changelog/#id2

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41322

Resolution

MGASA-2022-0364 - Updated kitty packages fix security vulnerability

SRPMS

- 8/core/kitty-0.26.3-1.mga8

Severity
Publication date: 08 Oct 2022
URL: https://advisories.mageia.org/MGASA-2022-0364.html
Type: security
CVE: CVE-2022-41322

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.