A vulnerability has been discovered in Zutty which could allow for arbitrary code execution.
|Package||x11-terms/zutty on all architectures|
|Affected versions||< 0.13|
|Unaffected versions||>= 0.13|
Zutty is an X terminal emulator rendering through OpenGL ES Compute Shaders.
Zutty does not correctly handle invalid DECRQSS commands, which can be exploited to run arbitrary commands in the terminal.
Untrusted text written to the Zutty terminal can achieve arbitrary code execution.
There is no known workaround at this time.
All Zutty users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=x11-terms/zutty-0.13"
September 29, 2022
September 29, 2022: 1