Explore top 10 tips to secure your open-source projects now. Read More
×
kitty could be made to run programs if it opened a specially
crafted image or desktop notification.
Software Description:
- kitty: fast, featureful, GPU based terminal emulator
Details:
Stephane Chauveau discovered that kitty incorrectly handled image
filenames with special characters in error messages. A remote
attacker could possibly use this to execute arbitrary commands.
This issue only affected Ubuntu 20.04 LTS. (CVE-2020-35605)
Carter Sande discovered that kitty incorrectly handled escape
sequences in desktop notifications. A remote attacker could possibly
use this to execute arbitrary commands. This issue only affected
Ubuntu 22.04 LTS. (CVE-2022-41322)
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: kitty 0.21.2-1ubuntu0.22.04.1 Ubuntu 20.04 LTS: kitty 0.15.0-1ubuntu0.2 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-5659-1
CVE-2020-35605, CVE-2022-41322
Get the latest Linux and open source security news straight to your inbox.