Update Info

openSUSE-2023-41


Security update for EternalTerminal


Type: security
Severity: important
Issued: 2023-02-08
Description:
This update for EternalTerminal fixes the following issues:

EternalTerminal was updated to 6.2.4:

  * CVE-2022-48257, CVE-2022-48258 remedied
  * fix readme regarding port forwarding #522
  * Fix test failures that started appearing in CI #526
  * Add documentation for the EternalTerminal protocol #523
  * ssh-et: apply upstream updates #527
  * docs: write gpg key to trusted.gpg.d for APT #530
  * Support for ipv6 addresses (with or without port specified) #536
  * ipv6 abbreviated address support #539
  * Fix launchd plist config to remove daemonization. #540
  * Explicitly set verbosity from cxxopts value. #542
  * Remove daemon flag in systemd config #549
  * Format all source with clang-format. #552
  * Fix tunnel parsing exception handling. #550
  * Fix SIGTERM behavior that causes systemd control of etserver to timeout. #554
  * Parse telemetry ini config as boolean and make telemetry opt-in. #553
  * Logfile open mode and permission plus location configurability. #556
- boo#1207123 (CVE-2022-48257) Fix predictable logfile names in /tmp
- boo#1207124 (CVE-2022-48258) Fix etserver and etclient have world-readable logfiles

- Note: Upstream released 6.2.2 with fixes then 6.2.4 and later removed 6.2.2
  and redid 6.2.4


              

Packages


  • EternalTerminal-6.2.4-bp154.2.6.1