Mageia alert MGASA-2022-0459 (rxvt-unicode)


From:
               Mageia Updates <buildsystem-daemon@mageia.org>
To:
               updates-announce@ml.mageia.org
Subject:
               [updates-announce] MGASA-2022-0459: Updated rxvt-unicode packages fix security vulnerability
Date:
               Tue, 13 Dec 2022 23:10:23 +0100
Message-ID:
               <20221213221023.85A859F8FB@duvel.mageia.org>
Archive-link:
               Article
MGASA-2022-0459 - Updated rxvt-unicode packages fix security vulnerability

Publication date: 13 Dec 2022
URL: https://advisories.mageia.org/MGASA-2022-0459.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2022-4170

Description:
rxvt-unicode 9.25 and 9.26 are vulnerable to remote code execution, in the
Perl background extension, when an attacker can control the data written
to the user's terminal and certain options are set. (CVE-2022-4170)

References:
- https://bugs.mageia.org/show_bug.cgi?id=31226
- https://www.openwall.com/lists/oss-security/2022/12/05/1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4170

SRPMS:
- 8/core/rxvt-unicode-9.26-1.1.mga8

From:		Mageia Updates <buildsystem-daemon@mageia.org>
To:		updates-announce@ml.mageia.org
Subject:		[updates-announce] MGASA-2022-0459: Updated rxvt-unicode packages fix security vulnerability
Date:		Tue, 13 Dec 2022 23:10:23 +0100
Message-ID:		<20221213221023.85A859F8FB@duvel.mageia.org>
Archive-link:		Article