SuSE Local Security Checks : openSUSE: Security Advisory for tmux (openSUSE-SU-2020:1834-1)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.853557

Category: SuSE Local Security Checks

Title: openSUSE: Security Advisory for tmux (openSUSE-SU-2020:1834-1)

Summary: The remote host is missing an update for the 'tmux'; package(s) announced via the openSUSE-SU-2020:1834-1 advisory.

Description: Summary:
The remote host is missing an update for the 'tmux'
package(s) announced via the openSUSE-SU-2020:1834-1 advisory.

Vulnerability Insight:
This update for tmux fixes the following issues:

- Update to version 3.1c

* Fix a stack overflow on colon-separated CSI parsing. boo#1178263
CVE-2020-27347

- tmux 3.1b:

* Fix crash when allow-rename ison and an empty name is set

- tmux 3.1a:

* Do not close stdout prematurely in control mode since it is needed to
print exit messages. Prevents hanging when detaching with iTerm2

- includes changes between 3.1-rc1 and 3.1:

* Only search the visible part of the history when marking
(highlighting) search terms. This is much faster than searching the
whole history and solves problems with large histories. The count of
matches shown is now the visible matches rather than all matches

* Search using regular expressions in copy mode. search-forward and
search-backward use regular expressions by default, the incremental
versions do not

* Turn off mouse mode 1003 as well as the rest when exiting

* Add selection_active format for when the selection is present but not
moving with the cursor

* Fix dragging with modifier keys, so binding keys such as
C-MouseDrag1Pane and C-MouseDragEnd1Pane now work

* Add -a to list-keys to also list keys without notes with -N

* Do not jump to next word end if already on a word end when selecting a
word, fixes select-word with single character words and vi(1) keys

* Fix top and bottom pane calculation with pane border status enabled

- Update to v3.1-rc

* Please see the included CHANGES file

- Fix tmux completion

- Update to v3.0a

* A lot of changes since v2.9a, please see the included CHANGES file.

- Update to v2.9a

- Fix bugs in select-pane and the main-horizontal and main-vertical
layouts.

- Add trailing newline to tmpfiles.d/tmux.conf. On newer systems (such as
Leap 15.1), the lack of a trailing newline appears to cause the
directory to not be created. This is only evident on setups where /run
is an actual tmpfs (on btrfs-root installs, /run is a btrfs subvolume
and thus /run/tmux is persistent across reboots).

- Update to version 2.9

* Add format variables for the default formats in the various modes
(tree_mode_format and so on) and add a -a flag to display-message to
list variables with values.

* Add a -v flag to display-message to show verbose messages as the
format is parsed, this allows formats to be debugged

* Add support for HPA (\033[`).

* Add support for origin mode (\033[?6h).

* No longer clear history on RIS.

* Extend the #[] style syntax and use that together with previous format
changes to allow the status line to be entirely config ...

Description truncated. Please see the references for more information.

Affected Software/OS:
'tmux' package(s) on openSUSE Leap 15.2, openSUSE Leap 15.1.

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-19387
Common Vulnerability Exposure (CVE) ID: CVE-2020-27347
https://raw.githubusercontent.com/tmux/tmux/3.1c/CHANGES
https://security.gentoo.org/glsa/202011-10
https://github.com/tmux/tmux/commit/a868bacb46e3c900530bed47a1c6f85b0fbe701c
https://www.openwall.com/lists/oss-security/2020/11/05/3

Copyright Copyright (C) 2020 Greenbone Networks GmbH

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.853557
Category:	SuSE Local Security Checks
Title:	openSUSE: Security Advisory for tmux (openSUSE-SU-2020:1834-1)
Summary:	The remote host is missing an update for the 'tmux'; package(s) announced via the openSUSE-SU-2020:1834-1 advisory.
Description:	Summary: The remote host is missing an update for the 'tmux' package(s) announced via the openSUSE-SU-2020:1834-1 advisory. Vulnerability Insight: This update for tmux fixes the following issues: - Update to version 3.1c * Fix a stack overflow on colon-separated CSI parsing. boo#1178263 CVE-2020-27347 - tmux 3.1b: * Fix crash when allow-rename ison and an empty name is set - tmux 3.1a: * Do not close stdout prematurely in control mode since it is needed to print exit messages. Prevents hanging when detaching with iTerm2 - includes changes between 3.1-rc1 and 3.1: * Only search the visible part of the history when marking (highlighting) search terms. This is much faster than searching the whole history and solves problems with large histories. The count of matches shown is now the visible matches rather than all matches * Search using regular expressions in copy mode. search-forward and search-backward use regular expressions by default, the incremental versions do not * Turn off mouse mode 1003 as well as the rest when exiting * Add selection_active format for when the selection is present but not moving with the cursor * Fix dragging with modifier keys, so binding keys such as C-MouseDrag1Pane and C-MouseDragEnd1Pane now work * Add -a to list-keys to also list keys without notes with -N * Do not jump to next word end if already on a word end when selecting a word, fixes select-word with single character words and vi(1) keys * Fix top and bottom pane calculation with pane border status enabled - Update to v3.1-rc * Please see the included CHANGES file - Fix tmux completion - Update to v3.0a * A lot of changes since v2.9a, please see the included CHANGES file. - Update to v2.9a - Fix bugs in select-pane and the main-horizontal and main-vertical layouts. - Add trailing newline to tmpfiles.d/tmux.conf. On newer systems (such as Leap 15.1), the lack of a trailing newline appears to cause the directory to not be created. This is only evident on setups where /run is an actual tmpfs (on btrfs-root installs, /run is a btrfs subvolume and thus /run/tmux is persistent across reboots). - Update to version 2.9 * Add format variables for the default formats in the various modes (tree_mode_format and so on) and add a -a flag to display-message to list variables with values. * Add a -v flag to display-message to show verbose messages as the format is parsed, this allows formats to be debugged * Add support for HPA (\033[`). * Add support for origin mode (\033[?6h). * No longer clear history on RIS. * Extend the #[] style syntax and use that together with previous format changes to allow the status line to be entirely config ... Description truncated. Please see the references for more information. Affected Software/OS: 'tmux' package(s) on openSUSE Leap 15.2, openSUSE Leap 15.1. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-19387 Common Vulnerability Exposure (CVE) ID: CVE-2020-27347 https://raw.githubusercontent.com/tmux/tmux/3.1c/CHANGES https://security.gentoo.org/glsa/202011-10 https://github.com/tmux/tmux/commit/a868bacb46e3c900530bed47a1c6f85b0fbe701c https://www.openwall.com/lists/oss-security/2020/11/05/3
Copyright	Copyright (C) 2020 Greenbone Networks GmbH