Gentoo Security Advisory GLSA 200409-10 (multi-gnome-terminal) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200409-10.

Solution

All multi-gnome-terminal users should upgrade to the latest version: # emerge sync # emerge -pv '>=x11-terms/multi-gnome-terminal-1.6.2-r1' # emerge '>=x11-terms/multi-gnome-terminal-1.6.2-r1' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200409-10 http://bugs.gentoo.org/show_bug.cgi?id=62322

Insight

Active keystroke logging in multi-gnome-terminal has been discovered in potentially world-readable files. This could allow any authorized user on the system to read sensitive data, including passwords.

Severity

Classification

CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

Gentoo Security Advisory GLSA 200311-01 (kdebase)
Gentoo Security Advisory GLSA 200404-02 (kde-base/kde)
Gentoo Security Advisory GLSA 200405-25 (tla)
Gentoo Security Advisory GLSA 200406-17 (IPsec-Tools)
Gentoo Security Advisory GLSA 200405-14 (subversion)

Take action and discover your vulnerabilities