[CLSA-2022:1669242003] Fix CVE(s): CVE-2022-45063
Type:
security
Severity:
Critical
Release date:
2022-11-23 22:20:03 UTC
Description:
* SECURITY UPDATE: possible RCE when using OSC 50 sequence
  - debian/patches/CVE-2022-45063.patch: Improve error recovery when setting a bitmap font for the VT100 window, e.g., in case OSC 50 failed, restoring the most recent valid font so that a subsequent OSC 50 reports this correctly.
  - CVE-2022-45063
  - debian/patches/extra_safety_to_string_comparison_functions.patch: Add NULL pointer checks in x_strcasecmp() and x_strncasecmp() to help with error recovery for a missing font.
Updated packages:
  • xterm_322-1ubuntu1.2+tuxcare.els1_amd64.deb
    sha:e077d40b5a7043c83f57c4a680a817c31768ae4b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.