Steve Grubb of Red Hat reports: When auditing the filesystem the names of files are logged. These filenames can contain escape sequences, when viewed using the ausearch programs "-i" option for example this can result in the escape sequences being processed unsafely by the terminal program being used to view the data.
Created attachment 1061284 [details] Patch fixing unescaped control characters This patch will be applied upstream. Please share with other distributions. The older the audit package, the more likely they will have problems back porting.
This has been corrected upstream with the following commit: https://fedorahosted.org/audit/changeset/1122
Acknowledgement: This issue was discovered by Steve Grubb of Red Hat.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2015-5186