Advisories » MGASA-2022-0459

Updated rxvt-unicode packages fix security vulnerability

Publication date: 13 Dec 2022
Modification date: 13 Dec 2022
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-4170

Description

rxvt-unicode 9.25 and 9.26 are vulnerable to remote code execution, in the
Perl background extension, when an attacker can control the data written
to the user's terminal and certain options are set. (CVE-2022-4170)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=31226
• https://www.openwall.com/lists/oss-security/2022/12/05/1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4170

SRPMS

8/core

• rxvt-unicode-9.26-1.1.mga8