GLSA Advocate
Posted: Mon Aug 21, 2017 3:26 am Post subject: [ GLSA 201708-07 ] evilvte
Gentoo Linux Security Advisory
Title: evilvte: User-assisted execution of arbitrary code (GLSA 201708-07)
Severity: normal
Exploitable: remote
Date: 2017-08-21
Updated: 2017-08-26
Bug(s): #611290
ID: 201708-07
Synopsis
Improper hypertext validation might allow remote attackers to
execute arbitrary code.
Background
VTE based, highly customizable terminal emulator
Affected Packages
Package: x11-terms/evilvte
Vulnerable: <= 0.5.1
Architectures: All supported architectures
Description
Steve Kemp of Debian identified a flaw in evilvte which does not
properly validate hypertext links. Please review the Debian bug report
referenced below.
Impact
Remote attackers could execute arbitrary code by enticing a user to
click a hyperlink in their terminal.
Workaround
There is no known workaround at this time.
Resolution
Gentoo Security recommends that users unmerge evilvte:

    # emerge --unmerge "x11-terms/evilvte"
References
Debian
Bug #854585
Last edited by GLSA on Sun Aug 27, 2017 4:17 am; edited 1 time in total