GLSA-201405-28 : xmonad-contrib: Arbitrary code execution
High Nessus Plugin ID 74234
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201405-28 (xmonad-contrib: Arbitrary code execution)
A vulnerability in the XMonad.Hooks.DynamicLog module could allow a malicious website with a specially crafted title to inject commands into the title bar, which would be executed when the bar is clicked.
A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.
There is no known workaround at this time.
Solution
All xmonad-contrib users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=x11-wm/xmonad-contrib-0.11.2'