Red Hat Bugzilla – Bug 1251621
CVE-2015-5186 Audit: log terminal emulator escape sequences handling
Last modified: 2016-12-30 11:02:08 EST
Steve Grubb of Red Hat reports:
When auditing the filesystem, the names of files are logged. These filenames
can contain escape sequences; when viewed using the ausearch program's "-i"
option, for example, this can result in the escape sequences being processed
unsafely by the terminal program being used to view the data.
Created attachment 1061284
Patch fixing unescaped control characters
This patch will be applied upstream. Please share with other distributions. The older the audit package, the more likely they will have problems backporting.
This has been corrected upstream with the following commit:
This issue was discovered by Steve Grubb of Red Hat.
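The class of fix described in this bug, as an added example (it is not the attached patch and not audit project code): a C helper that rewrites control bytes in a logged filename as printable octal escapes before the value is written to a terminal. The function name `escape_for_tty`, the choice to escape every byte outside printable ASCII, and the sample filename are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not taken from the audit source tree.
 * Copies src into dst, rewriting every byte outside printable ASCII
 * (and the backslash itself) as a \ooo octal escape, so a terminal shows
 * the bytes instead of acting on them. Escaping all bytes above 0x7e is a
 * conservative assumption: it also covers 8-bit C1 controls, at the cost
 * of rendering non-ASCII names as escapes.
 * Returns the output length, or -1 if dst is too small. */
static int escape_for_tty(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0;

    if (dstlen == 0)
        return -1;
    for (const unsigned char *p = (const unsigned char *)src; *p; p++) {
        if (*p < 0x20 || *p > 0x7e || *p == '\\') {
            if (o + 4 >= dstlen)        /* 4 output chars plus the NUL */
                return -1;
            snprintf(dst + o, dstlen - o, "\\%03o", (unsigned)*p);
            o += 4;
        } else {
            if (o + 1 >= dstlen)
                return -1;
            dst[o++] = (char)*p;
        }
    }
    dst[o] = '\0';
    return (int)o;
}

int main(void)
{
    /* Constructed sample: a filename carrying a colour-change sequence. */
    const char *name = "notes\033[31m.txt";
    char safe[128];

    if (escape_for_tty(name, safe, sizeof safe) < 0)
        return 1;
    printf("name=\"%s\"\n", safe);      /* name="notes\033[31m.txt" */
    return 0;
}
```

Escaping the backslash as well keeps the output unambiguous: a literal `\033` typed into a filename cannot be confused with an escaped ESC byte.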