openSUSE Security Update: Security update for mc
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2022:0061-1
Rating:             moderate
References:         #1190180 
Cross-References:   CVE-2021-36370
CVSS scores:
                    CVE-2021-36370 (SUSE): 4.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Affected Products:
                    openSUSE Backports SLE-15-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for mc fixes the following issues:

   Midnight Commander 4.8.27:

   * Core

     - Reimplement version detection (#3603, #4249)
     - Significantly reduce rebuilt time after version change (#2252, #4266)
     - Drop automatic migration of configuration from ~/.mc to XDG-based
       directories (#3682)
     - zsh: support custom configuration file: ~/.local/share/mc/.zshrc
       (#4203)
     - Widgets: implement WST_VISIBLE state to show/hide widgets (#2919)
     - Find File: add Follow symlinks option (#2020)

   * VFS

     - extfs: support unrar-6 (#4154)
     - extfs: support official 7z binary (7zz) (#4239)
     - ftpfs: apply file list parser from lftp project (#2841, #3174)

   * Editor

     - Word completion: get candidates from all open files (#4160)
     - etags: get rid of hardcoded list length and window width (#4132)
     - Update syntax files:
       - python (#4140)
     - Add syntax highlighting:
       - Verilog and SystemVerilog? header files (#4215)
       - JSON (#4250)
       - openrc-run scripts (#4246)
   * Misc

     - Filehighlight of c++ and h++ files as sources (#4194)
     - Filehighlight of JSON files as documents (#4250)
     - Support of alacritty terminal emulator
       (???https://github.com/alacritty/alacritty) (#4248)
     - Support of foot terminal emulator (???https://codeberg.org/dnkl/foot)
       (#4251)
     - Support of (alt+)shift+arrow keys in st terminal emulator
       (st.suckless.org) (#4267)
     - Mouse support in screen: don't check  variable (#4233)
     - mc.ext: support fb2 e-books (#4167)
     - ext.d: use mediainfo to view info about various media files (#4167)
     - Remove OS/distro-specific package-related stuff from source tree
       (#4217)

   * Fixes

     - FTBFS against NCurses on OS X 10.9.5 (#4181)
     - Segfault on dialog before panels get visible (#4244)
     - Crash if shadow is out of screen (build against NCurses) (#4192)
     - Crash in search (#4222)
     - Crash on startup with enabled subshell in FreeBSD (workaround) (#4213)
     - Hang on start randomly with zsh as subshell (#4198)
     - If command line is invisible it's partially displayed (#4182)
     - Broken handling of zip archives (#4180, #4183)
     - Broken handling of jar files as zip archives (#4223)
     - Timestamps of symlinks, sockets, fifos, etc are not preserved after
       copy/move (#3985)
     - %view action in the user menu doesn't work on no-exec filesystem
       (#4242)
     - Hardlinks are not colored by file type or extension (#3375)
     - mcedit: silent macro makes terminal disrupted (#4171)
     - mcedit: disrupting of TAGS file path (#4207)
     - vfs: unable to browse compressed tar archives (#4191)
     - sftpfs vfs: CVE-2021-36370: server fingerprint isn't verified
       (discovered by AUT-milCERT during an audit of open source software)
       (#4259)
     - ftpfs vfs: month of file is always January (#4260)
     - Tests: log files are written by libcheck and automake simultaneously
       (#3986)


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP3:

      zypper in -t patch openSUSE-2022-61=1



Package List:

   - openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64):

      mc-4.8.27-bp153.2.3.1

   - openSUSE Backports SLE-15-SP3 (noarch):

      mc-lang-4.8.27-bp153.2.3.1


References:

   https://www.suse.com/security/cve/CVE-2021-36370.html
   https://bugzilla.suse.com/1190180

openSUSE: 2022:0061-1 moderate: mc

March 1, 2022
An update that fixes one vulnerability is now available

Description

This update for mc fixes the following issues: Midnight Commander 4.8.27: * Core - Reimplement version detection (#3603, #4249) - Significantly reduce rebuilt time after version change (#2252, #4266) - Drop automatic migration of configuration from ~/.mc to XDG-based directories (#3682) - zsh: support custom configuration file: ~/.local/share/mc/.zshrc (#4203) - Widgets: implement WST_VISIBLE state to show/hide widgets (#2919) - Find File: add Follow symlinks option (#2020) * VFS - extfs: support unrar-6 (#4154) - extfs: support official 7z binary (7zz) (#4239) - ftpfs: apply file list parser from lftp project (#2841, #3174) * Editor - Word completion: get candidates from all open files (#4160) - etags: get rid of hardcoded list length and window width (#4132) - Update syntax files: - python (#4140) - Add syntax highlighting: - Verilog and SystemVerilog? header files (#4215) - JSON (#4250) - openrc-run scripts (#4246) * Misc - Filehighlight of c++ and h++ files as sources (#4194) - Filehighlight of JSON files as documents (#4250) - Support of alacritty terminal emulator (???https://github.com/alacritty/alacritty) (#4248) - Support of foot terminal emulator (???https://codeberg.org/dnkl/foot) (#4251) - Support of (alt+)shift+arrow keys in st terminal emulator (st.suckless.org) (#4267) - Mouse support in screen: don't check variable (#4233) - mc.ext: support fb2 e-books (#4167) - ext.d: use mediainfo to view info about various media files (#4167) - Remove OS/distro-specific package-related stuff from source tree (#4217) * Fixes - FTBFS against NCurses on OS X 10.9.5 (#4181) - Segfault on dialog before panels get visible (#4244) - Crash if shadow is out of screen (build against NCurses) (#4192) - Crash in search (#4222) - Crash on startup with enabled subshell in FreeBSD (workaround) (#4213) - Hang on start randomly with zsh as subshell (#4198) - If command line is invisible it's partially displayed (#4182) - Broken handling of zip archives (#4180, #4183) - Broken handling of jar files as zip archives (#4223) - Timestamps of symlinks, sockets, fifos, etc are not preserved after copy/move (#3985) - %view action in the user menu doesn't work on no-exec filesystem (#4242) - Hardlinks are not colored by file type or extension (#3375) - mcedit: silent macro makes terminal disrupted (#4171) - mcedit: disrupting of TAGS file path (#4207) - vfs: unable to browse compressed tar archives (#4191) - sftpfs vfs: CVE-2021-36370: server fingerprint isn't verified (discovered by AUT-milCERT during an audit of open source software) (#4259) - ftpfs vfs: month of file is always January (#4260) - Tests: log files are written by libcheck and automake simultaneously (#3986)

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-61=1


Package List

- openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64): mc-4.8.27-bp153.2.3.1 - openSUSE Backports SLE-15-SP3 (noarch): mc-lang-4.8.27-bp153.2.3.1


References

https://www.suse.com/security/cve/CVE-2021-36370.html https://bugzilla.suse.com/1190180


Severity
Announcement ID: openSUSE-SU-2022:0061-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP3 .

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved