A vulnerability has been found in Kitty which could allow for arbitrary code execution with user input.
|Package||x11-terms/kitty on all architectures|
|Affected versions||< 0.26.2|
|Unaffected versions||>= 0.26.2|
Kitty is a fast, feature-rich, GPU-based terminal.
Carter Sande discovered that maliciously constructed control sequences can cause Kitty to display a notification that, when clicked, can cause Kitty to execute arbitrary commands.
Kitty can produce notifications that, when clicked, can execute arbitrary commands.
Avoid clicking unexpected notifications.
All Kitty users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=x11-terms/kitty-0.26.2"
September 29, 2022
September 29, 2022: 1