Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 2 articles for you...
91
security advisorydenial of servicegentooGentoo: GLSA 202409-27 normal: tmux null pointer dereference issue
A vulnerability has been found in tmux which could result in application crash.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202409-27 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: tmux: Null Pointer Dereference Date: September 28, 2024 Bugs: #891783 ID: 202409-27 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A vulnerability has been found in tmux which could result in application crash. Background ========== tmux is a terminal multiplexer. Affected packages ================= Package Vulnerable Unaffected ------------- ------------ ------------ app-misc/tmux < 3.4 > = 3.4 Description =========== A null pointer dereference issue was discovered in function window_pane_set_event in window.c in which allows attackers to cause denial of service or other unspecified impacts. Impact ====== Manipulating tmux window state could result in a null pointer dereference. Workaround ========== There is no known workaround at this time. Resolution ========== All tmux users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-misc/tmux-3.4" References ========== [ 1 ] CVE-2022-47016 https://nvd.nist.gov/vuln/detail/CVE-2022-47016 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202409-27 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Sep 28, 2024
Gentoo
203
security advisorycritical issuesoftware updateMageia: 2023-0084 Critical: Tmux Null Pointer Dereference Fix
Fixed a null pointer dereference in window.c. (CVE-2022-47016) References: - https://bugs.mageia.org/show_bug.cgi?id=31498 - https://lists.suse.com/pipermail/sle-security-updates/2023-February/013614.html . MGASA-2023-0084 - Updated tmux packages fix security vulnerability Publication date: 11 Mar 2023 URL: https://advisories.mageia.org/MGASA-2023-0084.html Type: security Affected Mageia releases: 8 CVE: CVE-2022-47016 Fixed a null pointer dereference in window.c. (CVE-2022-47016) References: - https://bugs.mageia.org/show_bug.cgi?id=31498 - https://lists.suse.com/pipermail/sle-security-updates/2023-February/013614.html - - https://ubuntu.com/security/notices/USN-5843-1 - https://www.cve.org/CVERecord?id=CVE-2022-47016 SRPMS: - 8/core/tmux-3.1c-1.1.mga8 . The latest tmux versions resolve a critical null pointer issue pertaining to CVE-2022-47016 in Mageia, providing vital security enhancements.. tmux Security, Mageia Update, Null Pointer Issue, Security Advisory. . Severity: Critical. LinuxSecurity.com Team
Mar 11, 2023
•Critical
Mageia
172
security advisorydenial of serviceUbuntuUbuntu 22.10: Tmux Denial Of Service Vulnerability - Moderate Severity
tmux could be made to crash if it received a specially crafted input.. =========================================================================Ubuntu Security Notice USN-5843-1 February 06, 2023 tmux vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: tmux could be made to crash if it received a specially crafted input. Software Description: - tmux: terminal multiplexer Details: It was discovered that tmux incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: tmux 3.3a-1ubuntu0.1 Ubuntu 22.04 LTS: tmux 3.2a-4ubuntu0.2 Ubuntu 20.04 LTS: tmux 3.0a-2ubuntu0.4 Ubuntu 18.04 LTS: tmux 2.6-3ubuntu0.3 Ubuntu 16.04 ESM: tmux 2.1-3ubuntu0.1~esm1 Ubuntu 14.04 ESM: tmux 1.8-5ubuntu0.1~esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-5843-1 CVE-2022-47016 Package Information: https://launchpad.net/ubuntu/+source/tmux/3.3a-1ubuntu0.1 https://launchpad.net/ubuntu/+source/tmux/3.2a-4ubuntu0.2 https://launchpad.net/ubuntu/+source/tmux/3.0a-2ubuntu0.4 https://launchpad.net/ubuntu/+source/tmux/2.6-3ubuntu0.3 . A critical tmux vulnerability could result in a denial of service through specially crafted input. Users on Ubuntu are urged to update without delay.. tmux vulnerability, Ubuntu security notice, denial of service. . LinuxSecurity.com Team
Feb 06, 2023
Ubuntu
202
security advisorymoderatesoftware updateopenSUSE Leap 15.4 Moderate: tmux Security Update SUSE-SU-2023:0220-1
An update that fixes one vulnerability is now available.. SUSE Security Update: Security update for tmux ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0220-1 Rating: moderate References: #1207393 Cross-References: CVE-2022-47016 CVSS scores: CVE-2022-47016 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-47016 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for tmux fixes the following issues: - CVE-2022-47016: Fixed a null pointer dereference in window.c. (bsc#1207393) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-220=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): tmux-3.1c-150300.3.3.1 tmux-debuginfo-3.1c-150300.3.3.1 tmux-debugsource-3.1c-150300.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-47016.html https://bugzilla.suse.com/1207393 . Upgrade available for tmux addressing CVE-2022-47016: classified as moderate risk. Please refer to the installation guide for openSUSE Leap 15.4.. openSUSE Security Update, tmux Patch, CVE-2022-47016. . LinuxSecurity.com Team
Feb 01, 2023
OpenSUSE
91
security advisorygentoobuffer overflowGentoo: GLSA-202011-10 Normal: tmux Buffer Overflow Risk
A buffer overflow in tmux might allow remote attacker(s) to execute arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202011-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: tmux: Buffer overflow Date: November 11, 2020 Bugs: #753206 ID: 202011-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A buffer overflow in tmux might allow remote attacker(s) to execute arbitrary code. Background ========= tmux is a terminal multiplexer. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-misc/tmux < 3.1c > = 3.1c Description ========== A flaw in tmux's handling of escape characters was discovered which may allow a buffer overflow. Impact ===== A remote attacker could possibly execute arbitrary code with the privileges of the process, or cause a Denial of Service condition. Workaround ========= There is no known workaround at this time. Resolution ========= All tmux users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-misc/tmux-3.1c" References ========= [ 1 ] CVE-2020-27347 https://nvd.nist.gov/vuln/detail/CVE-2020-27347 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202011-10 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any securityconcerns should be addressed to
Nov 10, 2020
Gentoo
202
security advisorymoderateupdateopenSUSE: 2020:1834-1 Moderate: tmux Stack Overflow Fixed
An update that solves two vulnerabilities and has two fixes is now available.. openSUSE Security Update: Security update for tmux ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:1834-1 Rating: moderate References: #1037468 #1116887 #1120170 #1178263 Cross-References: CVE-2018-19387 CVE-2020-27347 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1 openSUSE Backports SLE-15-SP2 openSUSE Backports SLE-15-SP1 SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for tmux fixes the following issues: - Update to version 3.1c * Fix a stack overflow on colon-separated CSI parsing. boo#1178263 CVE-2020-27347 - tmux 3.1b: * Fix crash when allow-rename ison and an empty name is set - tmux 3.1a: * Do not close stdout prematurely in control mode since it is needed to print exit messages. Prevents hanging when detaching with iTerm2 - includes changes between 3.1-rc1 and 3.1: * Only search the visible part of the history when marking (highlighting) search terms. This is much faster than searching the whole history and solves problems with large histories. The count of matches shown is now the visible matches rather than all matches * Search using regular expressions in copy mode. search-forward and search-backward use regular expressions by default; the incremental versions do not * Turn off mouse mode 1003 as well as the rest when exiting * Add selection_active format for when the selection is present but not moving with the cursor * Fix dragging with modifier keys, so binding keys such as C-MouseDrag1Pane andC-MouseDragEnd1Pane now work * Add -a to list-keys to also list keys without notes with -N * Do not jump to next word end if already on a word end when selecting a word; fixes select-word with single character words and vi(1) keys * Fix top and bottom pane calculation with pane border status enabled - Update to v3.1-rc * Please see the included CHANGES file - Fix tmux completion - Update to v3.0a * A lot of changes since v2.9a, please see the included CHANGES file. - Update to v2.9a - Fix bugs in select-pane and the main-horizontal and main-vertical layouts. - Add trailing newline to tmpfiles.d/tmux.conf. On newer systems (such as Leap 15.1), the lack of a trailing newline appears to cause the directory to not be created. This is only evident on setups where /run is an actual tmpfs (on btrfs-root installs, /run is a btrfs subvolume and thus /run/tmux is persistent across reboots). - Update to version 2.9 * Add format variables for the default formats in the various modes (tree_mode_format and so on) and add a -a flag to display-message to list variables with values. * Add a -v flag to display-message to show verbose messages as the format is parsed, this allows formats to be debugged * Add support for HPA (\033[`). * Add support for origin mode (\033[?6h). * No longer clear history on RIS. * Extend the #[] style syntax and use that together with previous format changes to allow the status line to be entirely configured with a single option. * Add E: and T: format modifiers to expand a format twice (useful to expand the value of an option). * The individual -fg, -bg and -attr options have been removed; they were superseded by -style options in tmux 1.9. * Add -b to display-panes like run-shell. * Handle UTF-8 in word-separators option. * New "terminal" colour allowing options to use the terminal default colour ratherthan inheriting the default from a parent option. * Do not move the cursor in copy mode when the mouse wheel is used. * Use the same working directory rules for jobs as new windows rather than always starting in the user's home. * Allow panes to be one line or column in size. * Go to last line when goto-line number is out of range in copy mode. * Yank previously cut text if any with C-y in the command prompt, only use the buffer if no text has been cut. * Add q: format modifier to quote shell special characters. * Add -Z to find-window. * Support for windows larger than the client. This adds two new options, window-size and default-size, and a new command, resize-window. The force-width and force-height options and the session_width and session_height formats have been removed. - update to 2.8 - move bash-completion to right place * Make display-panes block the client until a pane is chosen or it times out. * Clear history on RIS like most other terminals do. * Add an "Any" key to run a command if a key is pressed that is not bound in the current key table. * Expand formats in load-buffer and save-buffer. * Add a rectangle_toggle format. * Add set-hook -R to run a hook immediately. * Add pane focus hooks. * Allow any punctuation as separator for s/x/y not only /. * Improve resizing with the mouse (fix resizing the wrong pane in some layouts, and allow resizing multiple panes at the same time). * Allow , and } to be escaped in formats as #, and #}. * Add KRB5CCNAME to update-environment. * Change meaning of -c to display-message so the client is used if it matches the session given to -t. * Fixes to : form of SGR. * Add x and X to choose-tree to kill sessions, windows or panes. - Add bash completion for tmux - Update to 2.7 * Remove EVENT_* variables from environment on platforms where tmux uses them so they do not pass on to panes. * Fixed for hooks at server exit. * Remove SGR 10 (was equivalent to SGR 0 but no other terminal seems to do this). * Expand formats in window and session names. * Add -Z flag to choose-tree, choose-client, choose-buffer to automatically zoom the pane when the mode is entered and unzoom when it exits, assuming the pane is not already zoomed. This is now part of the default key bindings. * Add C-g to exit modes with emacs keys. * Add exit-empty option to exit server if no sessions (default = on) * Show if a filter is present in choose modes. * Add pipe-pane -I to to connect stdin of the child process. * Performance improvements for reflow. * Use RGB terminfo(5) capability to detect RGB colour terminals (the existing Tc extension remains unchanged). * Support for ISO colon-separated SGR sequences. * Add select-layout -E to spread panes out evenly (bound to E key). * Support wide characters properly when reflowing. * Pass PWD to new panes as a hint to shells, as well as calling chdir(). * Performance improvements for the various choose modes. * Only show first member of session groups in tree mode (-G flag to choose-tree to show all). * Support %else in config files to match %if * Fix "kind" terminfo(5) capability to be S-Down not S-Up. * Add a box around the preview label in tree mode. * Show exit status and time in the remain-on-exit pane text * Correctly use pane-base-index in tree mode. * Change the allow-rename option default to off. * Support for xterm(1) title stack escape sequences * Correctly remove padding cells to fix a UTF-8 display problem - build from release tarball instead of source (drops automake dep) - Bash completion is now removed and provided by - cleanup specfile directory with tmpfiles.d functionality in /run/tmux Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installationmethods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2020-1834=1 - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-1834=1 - openSUSE Backports SLE-15-SP2: zypper in -t patch openSUSE-2020-1834=1 - openSUSE Backports SLE-15-SP1: zypper in -t patch openSUSE-2020-1834=1 - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch openSUSE-2020-1834=1 Package List: - openSUSE Leap 15.2 (x86_64): tmux-3.1c-lp152.2.3.1 tmux-debuginfo-3.1c-lp152.2.3.1 tmux-debugsource-3.1c-lp152.2.3.1 - openSUSE Leap 15.1 (x86_64): tmux-3.1c-lp151.3.3.1 tmux-debuginfo-3.1c-lp151.3.3.1 tmux-debugsource-3.1c-lp151.3.3.1 - openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64): tmux-3.1c-bp152.2.3.1 tmux-debuginfo-3.1c-bp152.2.3.1 tmux-debugsource-3.1c-bp152.2.3.1 - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64): tmux-3.1c-bp151.4.3.1 - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64): tmux-3.1c-18.1 References: https://www.suse.com/security/cve/CVE-2018-19387.html https://www.suse.com/security/cve/CVE-2020-27347.html https://bugzilla.suse.com/1037468 https://bugzilla.suse.com/1116887 https://bugzilla.suse.com/1120170 https://bugzilla.suse.com/1178263 -- . An important patch for tmux on Fedora targeting minor vulnerabilities to improve overall system security and performance.. openSUSE Security, tmux Update, System Protection, Package Update. . LinuxSecurity.com Team
Nov 05, 2020
OpenSUSE
172
security advisorycode executionUbuntuUbuntu 20.10 and 20.04: USN-4618-1 Moderate: tmux Code Execution Risk
tmux could be made to crash or execute arbitrary code if it received a specially crafted input.. =========================================================================Ubuntu Security Notice USN-4618-1 November 05, 2020 tmux vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.10 - Ubuntu 20.04 LTS Summary: tmux could be made to crash or execute arbitrary code if it received a specially crafted input. Software Description: - tmux: terminal multiplexer Details: Sergey Nizovtsev discovered that tmux incorrectly handled some inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.10: tmux 3.1b-1ubuntu0.1 Ubuntu 20.04 LTS: tmux 3.0a-2ubuntu0.2 After a standard system update you need to restart tmux session to make all the necessary changes. References: CVE-2020-27347 Package Information: https://launchpad.net/ubuntu/+source/tmux/3.1b-1ubuntu0.1 https://launchpad.net/ubuntu/+source/tmux/3.0a-2ubuntu0.2 . A newly discovered tmux exploit might enable system crashes or unauthorized code execution through specially designed inputs in Ubuntu versions 20.04 LTS and 20.10.. tmux exploit, Ubuntu security, terminal multiplexer, code execution risk. . LinuxSecurity.com Team
Nov 05, 2020
Ubuntu
89
security advisoryFedoracritical fixFedora 28: 2018-b74b9ac8d1 Critical: Tmux Null Pointer Issue
- fixes rhbz #1652128 and #1652127 - CVE-2018-19387 - tmux: NULL Pointer Dereference in format_cb_pane_tabs in format.c. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-b74b9ac8d1 2018-12-04 02:22:12.111522 --------------------------------------------------------------------------------Name : tmux Product : Fedora 28 Version : 2.8 Release : 2.fc28 URL : https://tmux.github.io/ Summary : A terminal multiplexer Description : tmux is a "terminal multiplexer." It enables a number of terminals (or windows) to be accessed and controlled from a single terminal. tmux is intended to be a simple, modern, BSD-licensed alternative to programs such as GNU Screen. --------------------------------------------------------------------------------Update Information: - fixes rhbz #1652128 and #1652127 - CVE-2018-19387 - tmux: NULL Pointer Dereference in format_cb_pane_tabs in format.c --------------------------------------------------------------------------------ChangeLog: * Thu Nov 22 2018 Filipe Rosset - 2.8-2 - fixes rhbz #1652128 CVE-2018-19387 - tmux: NULL Pointer Dereference in format_cb_pane_tabs in format.c * Fri Oct 19 2018 Filipe Rosset - 2.8-1 - update to version 2.8 - ChangeLog https://raw.githubusercontent.com/tmux/tmux/2.8/CHANGES * Sat Jul 14 2018 Fedora Release Engineering - 2.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Thu Apr 19 2018 Filipe Rosset - 2.7-1 - update to version 2.7, fixes rhbz #1486507 - removed upstreamed patches + spec modernization * Mon Apr 9 2018 Filipe Rosset - 2.6-4 - added gcc as BR --------------------------------------------------------------------------------References: [ 1 ] Bug #1652127 - CVE-2018-19387 tmux: NULL Pointer Dereference in format_cb_pane_tabs in format.c https://bugzilla.redhat.com/show_bug.cgi?id=1652127 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-b74b9ac8d1' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Dec 04, 2018
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!