Improper hypertext validation might allow remote attackers to execute arbitrary code.
Package | x11-terms/evilvte on all architectures |
---|---|
Affected versions | <= 0.5.1 |
Unaffected versions |
VTE based, highly customizable terminal emulator
Steve Kemp of Debian identified a flaw in evilvte which does not properly validate hypertext links. Please review the Debian bug report referenced below.
Remote attackers could execute arbitrary code by enticing a user to click a hyperlink in their terminal.
There is no known workaround at this time.
Gentoo Security recommends that users unmerge evilvte:
# emerge --unmerge "x11-terms/evilvte"
Release date
August 21, 2017
Latest revision
August 26, 2017: 2
Severity
normal
Exploitable
remote
Bugzilla entries