惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
The Blog of Author Tim Ferriss
S
Securelist
D
Docker
The Register - Security
The Register - Security
GbyAI
GbyAI
Recorded Future
Recorded Future
Engineering at Meta
Engineering at Meta
Stack Overflow Blog
Stack Overflow Blog
云风的 BLOG
云风的 BLOG
P
Proofpoint News Feed
罗磊的独立博客
博客园 - 【当耐特】
F
Full Disclosure
WordPress大学
WordPress大学
腾讯CDC
小众软件
小众软件
大猫的无限游戏
大猫的无限游戏
D
DataBreaches.Net
SecWiki News
SecWiki News
L
Lohrmann on Cybersecurity
I
InfoQ
MyScale Blog
MyScale Blog
量子位
Cyberwarzone
Cyberwarzone
博客园 - 三生石上(FineUI控件)
The Hacker News
The Hacker News
F
Fortinet All Blogs
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Jina AI
Jina AI
博客园_首页
H
Help Net Security
K
Kaspersky official blog
酷 壳 – CoolShell
酷 壳 – CoolShell
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Webroot Blog
Webroot Blog
Blog — PlanetScale
Blog — PlanetScale
V
Vulnerabilities – Threatpost
Y
Y Combinator Blog
The Cloudflare Blog
P
Proofpoint News Feed
V
Visual Studio Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Tailwind CSS Blog
爱范儿
爱范儿
P
Privacy International News Feed
Security Archives - TechRepublic
Security Archives - TechRepublic
The GitHub Blog
The GitHub Blog
C
Cybersecurity and Infrastructure Security Agency CISA
B
Blog RSS Feed

Arch Linux Security Advisories

[ASA-202506-6] python-django: content spoofing - Arch Linux [ASA-202506-4] go: multiple issues - Arch Linux [ASA-202506-3] samba: access restriction bypass [ASA-202506-2] curl: denial of service [ASA-202506-1] roundcubemail: arbitrary code execution [ASA-202505-15] ghostscript: information disclosure - Arch Linux [ASA-202505-14] bind: denial of service [ASA-202505-13] varnish: content spoofing - Arch Linux [ASA-202505-12] go: directory traversal - Arch Linux [ASA-202505-11] freetype2: arbitrary code execution [ASA-202505-10] python-django: denial of service [ASA-202505-9] dropbear: arbitrary command execution [ASA-202505-8] nodejs-lts-iron: multiple issues - Arch Linux [ASA-202505-7] nodejs-lts-jod: denial of service
[ASA-202506-5] konsole: arbitrary code execution
Arch Linux S · 2025-06-11 · via Arch Linux Security Advisories

ASA-202506-5 log generated external raw

[ASA-202506-5] konsole: arbitrary code execution

Arch Linux Security Advisory ASA-202506-5 ========================================= Severity: High Date : 2025-06-11 CVE-ID : CVE-2025-49091 Package : konsole Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-2897 Summary ======= The package konsole before version 25.04.2-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 25.04.2-1. # pacman -Syu "konsole>=25.04.2-1" The problem has been fixed upstream in version 25.04.2. Workaround ========== None. Description =========== Konsole supports loading URLs from the scheme handlers such as telnet://URL. This can be executed regardless of whether the telnet binary is available. In this mode konsole had a path where if telnet was not available it would fall back to using bash for the given arguments provided; which is the URL provided. This allows an attacker to execute arbitrary code. Browsers typically provide a prompt when a user opens an external scheme handler which would look suspicious, requiring user interaction to be exploitable. Impact ====== A remote attacker can trick a user into opening a specially crafted URL that exploits Konsole’s scheme handler fallback mechanism, leading to arbitrary code execution. References ========== https://kde.org/info/security/advisory-20250609-1.txt https://proofnet.de/publikationen/konsole_rce.html https://nvd.nist.gov/vuln/detail/CVE-2025-49091 https://www.openwall.com/lists/oss-security/2025/06/10/5 https://invent.kde.org/utilities/konsole/-/commit/09d20dea109050b4c02fb73095f327b5642a2b75 https://security.archlinux.org/CVE-2025-49091