• [gentoo-announce] [ GLSA 202506-13 ] Konsole: Code execution

    From [email protected]@21:1/5 to All on Sun Jun 15 08:40:01 2025
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202506-13
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: High
    Title: Konsole: Code execution
    Date: June 15, 2025
    Bugs: #957792
    ID: 202506-13

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    An input sanitization flaw in Konsole might allow remote attackers to
    execute commands via a malicious URL.

    Background
    ==========

    Konsole is KDE's terminal emulator.

    Affected packages
    =================

    Package           Vulnerable    Unaffected
    ----------------  ------------  -------------
    kde-apps/konsole  < 24.12.3-r1  >= 24.12.3-r1

    Description
    ===========

    Konsole supports loading URLs from scheme handlers such as
    telnet://URL. Such a URL can be executed regardless of whether the
    telnet binary is available. If it is not, Konsole would fall back to
    bash and execute arbitrary code.

    Impact
    ======

    Clicking a malicious URL in a browser may lead to arbitrary code
    execution. Please review the referenced CVE identifier for details.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All Konsole users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=kde-apps/konsole-24.12.3-r1"
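
    To confirm which hosts still need the upgrade, the affected-version
    boundary from the table above can be checked mechanically. This is an
    added example, not part of the GLSA or of Gentoo's tooling; the function
    names and the sample inventory are constructed, and the comparison only
    covers dotted numeric versions with an optional -rN revision.

```shell
# Added example: classify kde-apps/konsole versions against this GLSA.
# Simplified Gentoo version compare: dotted numeric components plus an
# optional -rN revision (assumption: no _alpha/_rc/_p suffixes or letters).

FIXED="24.12.3-r1"   # first unaffected version, from the advisory table

# ver_lt A B: succeeds (exit 0) when version A sorts before version B.
ver_lt() {
    a=${1%-r[0-9]*}; b=${2%-r[0-9]*}
    ar=0; br=0
    if [ "$a" != "$1" ]; then ar=${1##*-r}; fi
    if [ "$b" != "$2" ]; then br=${2##*-r}; fi
    while [ -n "$a" ] && [ -n "$b" ]; do
        ah=${a%%.*}; bh=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        if [ "$ah" -lt "$bh" ]; then return 0; fi
        if [ "$ah" -gt "$bh" ]; then return 1; fi
    done
    # A version with fewer components sorts first (24.12 < 24.12.3).
    if [ -z "$a" ] && [ -n "$b" ]; then return 0; fi
    if [ -n "$a" ]; then return 1; fi
    # Same base version: the revision decides (no -rN counts as -r0).
    [ "$ar" -lt "$br" ]
}

# konsole_status VERSION: prints VULNERABLE or UNAFFECTED.
konsole_status() {
    if ver_lt "$1" "$FIXED"; then echo VULNERABLE; else echo UNAFFECTED; fi
}

# audit_atoms: reads "category/package-version" lines on stdin and reports
# every kde-apps/konsole entry; other packages are ignored.
audit_atoms() {
    while IFS= read -r atom; do
        case $atom in
            kde-apps/konsole-[0-9]*)
                v=${atom#kde-apps/konsole-}
                echo "$atom $(konsole_status "$v")" ;;
        esac
    done
}

# Constructed sample inventory of installed atoms.
audit_atoms <<'EOF'
kde-apps/konsole-24.12.3
kde-apps/konsole-24.12.3-r1
kde-apps/kate-24.12.3
EOF
```

    Note that 24.12.3 without a revision is still vulnerable: the fix
    arrived in the -r1 ebuild revision of the same upstream version.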

    References
    ==========

    [ 1 ] CVE-2025-49091
    https://nvd.nist.gov/vuln/detail/CVE-2025-49091

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202506-13

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to
    [email protected] or alternatively, you may file a bug at
    https://bugs.gentoo.org.

    License
    =======

    Copyright 2025 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5
