openSUSE-SU-2023:0041-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2023:0041-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2023:0041-1
- Related
- Published
- 2023-02-08T02:02:05Z
- Modified
- 2025-05-07T18:14:31.153224Z
- Upstream
- Summary
- Security update for EternalTerminal
- Details
-
This update for EternalTerminal fixes the following issues:
EternalTerminal was updated to 6.2.4:
- CVE-2022-48257, CVE-2022-48258 remedied
- fix readme regarding port forwarding #522
- Fix test failures that started appearing in CI #526
- Add documentation for the EternalTerminal protocol #523
- ssh-et: apply upstream updates #527
- docs: write gpg key to trusted.gpg.d for APT #530
- Support for ipv6 addresses (with or without port specified) #536
- ipv6 abbreviated address support #539
- Fix launchd plist config to remove daemonization. #540
- Explicitly set verbosity from cxxopts value. #542
- Remove daemon flag in systemd config #549
- Format all source with clang-format. #552
- Fix tunnel parsing exception handling. #550
- Fix SIGTERM behavior that causes systemd control of etserver to timeout. #554
- Parse telemetry ini config as boolean and make telemetry opt-in. #553
Logfile open mode and permission plus location configurability. #556
- boo#1207123 (CVE-2022-48257) Fix predictable logfile names in /tmp
boo#1207124 (CVE-2022-48258) Fix etserver and etclient have world-readable logfiles
Note: Upstream released 6.2.2 with fixes then 6.2.4 and later removed 6.2.2 and redid 6.2.4
- References
Affected packages
SUSE:Package Hub 15 SP4 / EternalTerminal
Package
- Name
- EternalTerminal
- Purl
- pkg:rpm/suse/EternalTerminal&distro=SUSE%20Package%20Hub%2015%20SP4