Jump to content

Advisories MDVSA-2010:161: vte


paul
 Share

Recommended Posts

A vulnerability has been found and corrected in vte:

 

The vte_sequence_handler_window_manipulation function in vteseq.c

in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in

gnome-terminal, does not properly handle escape sequences, which

allows remote attackers to execute arbitrary commands or obtain

potentially sensitive information via a (1) window title or (2) icon

title sequence. NOTE: this issue exists because of a CVE-2003-0070

regression (CVE-2010-2713).

 

The updated packages have been patched to correct this issue.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...