CVE-2022-45063 In older versions of tmux, there was a font operation vulnerability that allowed command execution. This is no longer the case.

Before upgrading, check any applicable distribution's xterm settings to avoid accidental code execution. For example, the vi line-editing mode of Ubuntu 16.04 is configured as follows: "Xterm*VT100.font: DejaVu Sans Mono:p:135:50:*" This results in the vi command being executed when the OSC response has Ctrl-g. The same settings are used by some other distributions, such as Red Hat Enterprise Linux 7.

Check for software updates

Before upgrading, check any applicable distribution's xterm settings to avoid accidental code execution. For example, the vi line-editing mode of Ubuntu 16.04 is configured as follows:
"Xterm*VT100.font: DejaVu Sans Mono:p:135:50:-*" This results in the vi command being executed when there is no key press on Ctrl-g.

Debian-Based Systems

Debian-based systems, such as Ubuntu 16.04, require a patch to prevent accidental code execution.
Debian-based systems need to be patched before upgrading so that the vi command will not execute when the OSC response has Ctrl-g. Here is how you can apply this patch: "Xterm*VT100.font: DejaVu Sans Mono:p:135:50:*" This results in the vi command being executed when the OSC response has Ctrl-g. The same settings are used by some other distributions, such as Red Hat Enterprise Linux 7.

Check for vulnerable xterm server settings

If you're not sure which distribution you're running, the following command can help: "uname -a"

Check for X11 updates

Before upgrading, check any applicable distribution's xterm settings to avoid accidental code execution. For example, the vi line-editing mode of Ubuntu 16.04 is configured as follows: "Xterm*VT100.font: DejaVu Sans Mono:p:135:50:*" This results in the vi command being executed when the OSC response has Ctrl-g. The same settings are used by some other distributions, such as Red Hat Enterprise Linux 7.
