Joined: 12 May 2004
|Posted: Mon Aug 21, 2017 3:26 am Post subject: [ GLSA 201708-07 ] evilvte
|Gentoo Linux Security Advisory
Title: evilvte: User-assisted execution of arbitrary code (GLSA 201708-07)
Improper hypertext validation might allow remote attackers to
execute arbitrary code.
VTE based, highly customizable terminal emulator
Vulnerable: <= 0.5.1
Architectures: All supported architectures
Steve Kemp of Debian identified a flaw in evilvte which does not
properly validate hypertext links. Please review the Debian bug report
Remote attackers could execute arbitrary code by enticing a user to
click a hyperlink in their terminal.
There is no known workaround at this time.
Gentoo Security recommends that users unmerge evilvte:
|# emerge --unmerge "x11-terms/evilvte"
Last edited by GLSA on Sun Aug 27, 2017 4:17 am; edited 1 time in total