Recommended update for tmux

Announcement ID:	SUSE-RU-2024:0184-1
Rating:	moderate
References:	bsc#1185572 bsc#1207393 bsc#1210552
Cross-References:	CVE-2022-47016
CVSS scores:	CVE-2022-47016 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-47016 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	openSUSE Leap 15.3 openSUSE Leap 15.5 SUSE Linux Enterprise Desktop 15 SP5 SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Real Time 15 SP5 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Package Hub 15 15-SP5

An update that solves one vulnerability and has two fixes can now be installed.

Description:

This update for tmux fixes the following issues:

• tmux: Null pointer dereference in window.c (bsc#1207393) (CVE-2022-47016)
• add patch for compactibility with new ncurses fixes bsc#1210552
• disable utf8proc (following upstreams not use it by default on non-macOS)
• switch to screen-256color as default terminal to fix incompatibility with yast2-ruby-testsuite
• update to 3.3a:
• build with utf8proc enabled
• refresh tmux-socket-path patch: restore ability to overwrite socket path using $TMUX_TMPDIR (bsc#1185572)
• Drop pkgconfig(systemd) BuildRequires: there is no reason to pull in systemd into the build.
• Use %tmpfiles_create instead of calling systemd-tmpfiles directly.
• Replace systemd_requires with systemd_ordering: tmux is very well capable to run without systemd (and by using tmpfiles_create, the post script can also cope with the absence of if).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-184=1
• SUSE Package Hub 15 15-SP5
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2024-184=1
• openSUSE Leap 15.3
  zypper in -t patch SUSE-2024-184=1

Package List:

• openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64)
  • tmux-debuginfo-3.3a-150300.3.6.1
  • tmux-debugsource-3.3a-150300.3.6.1
  • tmux-3.3a-150300.3.6.1
• SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64)
  • tmux-debuginfo-3.3a-150300.3.6.1
  • tmux-debugsource-3.3a-150300.3.6.1
  • tmux-3.3a-150300.3.6.1
• openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  • tmux-debuginfo-3.3a-150300.3.6.1
  • tmux-debugsource-3.3a-150300.3.6.1
  • tmux-3.3a-150300.3.6.1

References:

• https://www.suse.com/security/cve/CVE-2022-47016.html
• https://bugzilla.suse.com/show_bug.cgi?id=1185572
• https://bugzilla.suse.com/show_bug.cgi?id=1207393
• https://bugzilla.suse.com/show_bug.cgi?id=1210552