Jump to content
Sign in to follow this  
paul

Advisories MDVSA-2010:161: vte

Recommended Posts

A vulnerability has been found and corrected in vte:

 

The vte_sequence_handler_window_manipulation function in vteseq.c

in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in

gnome-terminal, does not properly handle escape sequences, which

allows remote attackers to execute arbitrary commands or obtain

potentially sensitive information via a (1) window title or (2) icon

title sequence. NOTE: this issue exists because of a CVE-2003-0070

regression (CVE-2010-2713).

 

The updated packages have been patched to correct this issue.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...