A vulnerability has been discovered in Mrxvt which could allow for arbitrary code execution
|Package||x11-terms/mrxvt on all architectures|
|Affected versions||<= 0.5.4|
Mrxvt is a multi-tabbed rxvt clone with XFT, transparent background and CJK support.
Mrxvt mishandles certain escape sequences, some of which allow for shell command execution.
An attacker with sufficient access to write arbitrary text to the Mrxvt terminal could execute arbitrary code.
There is no known workaround at this time.
Gentoo has discontinued support for Mrxvt. We recommend that users remove it:
# emerge --ask --depclean "x11-terms/mrxvt"
September 25, 2022
September 25, 2022: 1
local and remote