SUSE-RU-2024:0184-1: moderate: Recommended update for tmux

[SLE-UPDATES]

# Recommended update for tmux

Announcement ID: SUSE-RU-2024:0184-1  
Rating: moderate  
References:

  * bsc#1185572
  * bsc#1207393
  * bsc#1210552

  
Cross-References:

  * CVE-2022-47016

  
CVSS scores:

  * CVE-2022-47016 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2022-47016 ( NVD ):  7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

  
Affected Products:

  * openSUSE Leap 15.3
  * openSUSE Leap 15.5
  * SUSE Linux Enterprise Desktop 15 SP5
  * SUSE Linux Enterprise High Performance Computing 15 SP5
  * SUSE Linux Enterprise Micro 5.5
  * SUSE Linux Enterprise Real Time 15 SP5
  * SUSE Linux Enterprise Server 15 SP5
  * SUSE Linux Enterprise Server for SAP Applications 15 SP5
  * SUSE Package Hub 15 15-SP5

  
  
An update that solves one vulnerability and has two fixes can now be installed.

## Description:

This update for tmux fixes the following issues:

  * tmux: Null pointer dereference in window.c (bsc#1207393) (CVE-2022-47016)
  * add patch for compactibility with new ncurses fixes bsc#1210552
  * disable utf8proc (following upstreams not use it by default on non-macOS)
  * switch to screen-256color as default terminal to fix incompatibility with
    yast2-ruby-testsuite
  * update to 3.3a:
  * build with utf8proc enabled
  * refresh tmux-socket-path patch: restore ability to overwrite socket path
    using $TMUX_TMPDIR (bsc#1185572)
  * Drop pkgconfig(systemd) BuildRequires: there is no reason to pull in systemd
    into the build.
  * Use %tmpfiles_create instead of calling systemd-tmpfiles directly.
  * Replace systemd_requires with systemd_ordering: tmux is very well capable to
    run without systemd (and by using tmpfiles_create, the post script can also
    cope with the absence of if).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.5  
    zypper in -t patch openSUSE-SLE-15.5-2024-184=1

  * SUSE Package Hub 15 15-SP5  
    zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-184=1

  * openSUSE Leap 15.3  
    zypper in -t patch SUSE-2024-184=1

## Package List:

  * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
    * tmux-debugsource-3.3a-150300.3.6.1
    * tmux-3.3a-150300.3.6.1
    * tmux-debuginfo-3.3a-150300.3.6.1
  * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
    * tmux-debugsource-3.3a-150300.3.6.1
    * tmux-3.3a-150300.3.6.1
    * tmux-debuginfo-3.3a-150300.3.6.1
  * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
    * tmux-debugsource-3.3a-150300.3.6.1
    * tmux-3.3a-150300.3.6.1
    * tmux-debuginfo-3.3a-150300.3.6.1

## References:

  * https://www.suse.com/security/cve/CVE-2022-47016.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1185572
  * https://bugzilla.suse.com/show_bug.cgi?id=1207393
  * https://bugzilla.suse.com/show_bug.cgi?id=1210552

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20240123/db09b804/attachment.htm>