evilvte: User-assisted execution of arbitrary code — GLSA 201708-07

Improper hypertext validation might allow remote attackers to execute arbitrary code.

Affected packages

x11-terms/evilvte on all architectures
Affected versions <= 0.5.1
Unaffected versions

Background

VTE-based, highly customizable terminal emulator

Description

Steve Kemp of Debian identified a flaw in evilvte: it does not properly validate hypertext links. Please review the Debian bug report referenced below.

Impact

Remote attackers could execute arbitrary code by enticing a user to click a hyperlink in their terminal.

Workaround

There is no known workaround at this time.

Resolution

Gentoo Security recommends that users unmerge evilvte:

 # emerge --unmerge "x11-terms/evilvte"

References

Release date
August 21, 2017

Latest revision
August 26, 2017: 2

Severity
normal

Exploitable
remote

Bugzilla entries