Updated kitty packages fix security vulnerability
Publication date: 08 Oct 2022Modification date: 08 Oct 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-41322
Description
In Kitty before 0.26.2, insufficient validation in the desktop
notification escape sequence can lead to arbitrary code execution. The
user must display attacker-controlled content in the terminal, then
click on a notification popup. (CVE-2022-41322)
References
- https://bugs.mageia.org/show_bug.cgi?id=30930
- https://nvd.nist.gov/vuln/detail/CVE-2022-41322
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/47RK7MBSVY5BWDUTYMJUFPBAYFSWMTOI/
- https://sw.kovidgoyal.net/kitty/changelog/#id2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41322
SRPMS
8/core
- kitty-0.26.3-1.mga8