GLSA-201708-07 : evilvte: User-assisted execution of arbitrary code
Medium Nessus Plugin ID 102619
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201708-07 (evilvte: User-assisted execution of arbitrary code)
Steve Kemp of Debian identified a flaw in evilvte which does not properly validate hypertext links. Please review the Debian bug report referenced below.
Remote attackers could execute arbitrary code by enticing a user to click a hyperlink in their terminal.
There is no known workaround at this time.
SolutionGentoo Security recommends that users unmerge evilvte:
# emerge --unmerge 'x11-terms/evilvte'