A flaw was found in tmux 2.7 through 2.8. The format_cb_pane_tabs function in format.c might allow attackers to cause a denial of service (NULL Pointer Dereference and application crash) by arranging for a malloc failure.
Created tmux tracking bugs for this issue:
Affects: fedora-all [bug 1652128]
great, thanks Laura, I'll fix this issue in a few hours.
Fedora Update System 2018-11-21 21:20:52 EST
tmux-2.8-2.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-28b19d8c63
Fedora Update System 2018-11-21 21:20:58 EST
tmux-2.8-2.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-b74b9ac8d1
Fedora Update System 2018-11-21 21:21:03 EST
tmux-2.8-2.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-e5e93f4c7b
Upstream disputes the security impact:
This issue did not affect the versions of tmux as shipped with Red Hat Enterprise Linux 7.