A flaw was found in tmux 2.7 through 2.8. The format_cb_pane_tabs function in format.c might allow attackers to cause a denial of service (NULL Pointer Dereference and application crash) by arranging for a malloc failure.

References:
https://github.com/tmux/tmux/issues/1547

Upstream Patch:
https://github.com/openbsd/src/commit/b32e1d34e10a0da806823f57f02a4ae6e93d756e
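The failure mode described above, shown as an added example (not tmux code and not part of this report): a simplified stand-in that formats tab stops into a heap buffer, with the unchecked allocation pattern beside a checked one. The names `try_alloc`, `fail_next_alloc`, `join_tabs`, `tabs_unchecked` and `tabs_checked` are hypothetical, and the fault-injection switch is an assumption that stands in for a real malloc failure.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed fault-injection switch: when set, the next allocation fails. */
static int fail_next_alloc;

static void *try_alloc(size_t n)
{
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    return malloc(n);
}

/* Shared formatter: writes "8,16,24" style output into buf of size cap. */
static void join_tabs(char *buf, size_t cap, const unsigned *tabs, size_t n)
{
    size_t off = 0;
    buf[0] = '\0';
    for (size_t i = 0; i < n && off < cap; i++)
        off += (size_t)snprintf(buf + off, cap - off, "%s%u", i ? "," : "", tabs[i]);
}

/* Unchecked: a NULL from the allocator is dereferenced inside join_tabs(). */
char *tabs_unchecked(const unsigned *tabs, size_t n)
{
    size_t cap = n * 12 + 1;          /* up to 10 digits + comma per entry */
    char *buf = try_alloc(cap);
    join_tabs(buf, cap, tabs, n);
    return buf;
}

/* Checked: allocation failure or size overflow is reported to the caller. */
char *tabs_checked(const unsigned *tabs, size_t n)
{
    size_t cap = n * 12 + 1;
    char *buf = n > ((size_t)-1 - 1) / 12 ? NULL : try_alloc(cap);
    if (buf == NULL)
        return NULL;
    join_tabs(buf, cap, tabs, n);
    return buf;
}

int main(void)
{
    unsigned tabs[] = {8, 16, 24};   /* constructed sample tab stops */
    fail_next_alloc = 1;             /* simulate memory exhaustion */
    char *s = tabs_checked(tabs, 3);
    puts(s ? s : "allocation failed, handled");
    free(s);
}
```

Calling `tabs_unchecked` with `fail_next_alloc` set crashes the process on the first write, which is the denial-of-service condition the report describes.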
Created tmux tracking bugs for this issue:

Affects: fedora-all [bug 1652128]
Great, thanks Laura, I'll fix this issue in a few hours.
Fedora Update System 2018-11-21 21:20:52 EST
tmux-2.8-2.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-28b19d8c63

Fedora Update System 2018-11-21 21:20:58 EST
tmux-2.8-2.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-b74b9ac8d1

Fedora Update System 2018-11-21 21:21:03 EST
tmux-2.8-2.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-e5e93f4c7b
Upstream disputes the security impact: https://github.com/tmux/tmux/issues/1547#issuecomment-441228660
Statement: This issue did not affect the versions of tmux as shipped with Red Hat Enterprise Linux 7.