Recommended update for tmux SUSE Patch security@suse.de SUSE Security Team SUSE-RU-2024:0184-1 Final 1 1 2024-01-23T12:04:14Z current 2024-01-23T12:04:14Z 2024-01-23T12:04:14Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Recommended update for tmux This update for tmux fixes the following issues: - tmux: Null pointer dereference in window.c (bsc#1207393) (CVE-2022-47016) - add patch for compactibility with new ncurses fixes bsc#1210552 - disable utf8proc (following upstreams not use it by default on non-macOS) - switch to screen-256color as default terminal to fix incompatibility with yast2-ruby-testsuite - update to 3.3a: - build with utf8proc enabled - refresh tmux-socket-path patch: restore ability to overwrite socket path using $TMUX_TMPDIR (bsc#1185572) - Drop pkgconfig(systemd) BuildRequires: there is no reason to pull in systemd into the build. - Use %tmpfiles_create instead of calling systemd-tmpfiles directly. - Replace systemd_requires with systemd_ordering: tmux is very well capable to run without systemd (and by using tmpfiles_create, the post script can also cope with the absence of if). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-184,SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-184,openSUSE-SLE-15.5-2024-184 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/-2024-184/suse-ru-20240184-1/ Link for SUSE-RU-2024:0184-1 https://lists.suse.com/pipermail/sle-updates/2024-January/033902.html E-Mail link for SUSE-RU-2024:0184-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1185572 SUSE Bug 1185572 https://bugzilla.suse.com/1207393 SUSE Bug 1207393 https://bugzilla.suse.com/1210552 SUSE Bug 1210552 https://www.suse.com/security/cve/CVE-2022-47016/ SUSE CVE CVE-2022-47016 page SUSE Linux Enterprise Module for Package Hub 15 SP5 openSUSE Leap 15.5 tmux-3.3a-150300.3.6.1 tmux-3.3a-150300.3.6.1 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP5 tmux-3.3a-150300.3.6.1 as a component of openSUSE Leap 15.5 DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. CVE-2022-47016 SUSE Linux Enterprise Module for Package Hub 15 SP5:tmux-3.3a-150300.3.6.1 openSUSE Leap 15.5:tmux-3.3a-150300.3.6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/-2024-184/suse-ru-20240184-1/ https://www.suse.com/security/cve/CVE-2022-47016.html CVE-2022-47016 https://bugzilla.suse.com/1207393 SUSE Bug 1207393