Security
Security
A vulnerability has been discovered in Mrxvt which could allow for arbitrary code execution
| Package | x11-terms/mrxvt on all architectures |
|---|---|
| Affected versions | <= 0.5.4 |
| Unaffected versions |
Mrxvt is a multi-tabbed rxvt clone with XFT, transparent background and CJK support.
Mrxvt mishandles certain escape sequences, some of which allow for shell command execution.
An attacker with sufficient access to write arbitrary text to the Mrxvt terminal could execute arbitrary code.
There is no known workaround at this time.
Gentoo has discontinued support for Mrxvt. We recommend that users remove it:
# emerge --ask --depclean "x11-terms/mrxvt"
Release date
September 25, 2022
Latest revision
September 25, 2022: 1
Severity
normal
Exploitable
local and remote
Bugzilla entries