Gentoo Linux has announced important security updates for two packages: Konsole and Sysstat, addressing vulnerabilities that could lead to arbitrary code execution.
Konsole Vulnerability (GLSA 202506-13)
On June 15, 2025, Gentoo released a security advisory regarding a significant flaw in Konsole, the KDE terminal emulator. This vulnerability arises from improper input sanitization, enabling remote attackers to execute commands through malicious URLs. Specifically, if a user clicks a malicious URL, it could lead to arbitrary code execution, as Konsole may fall back to executing commands via bash if the specified binary is unavailable.
Affected Versions:
- Vulnerable: kde-apps/konsole < 24.12.3-r1
- Unaffected: kde-apps/konsole >= 24.12.3-r1
Resolution:
Users are urged to upgrade to the latest version using the following commands:
```bash
emerge --sync
emerge --ask --oneshot --verbose ">=kde-apps/konsole-24.12.3-r1"
```
Sysstat Vulnerability (GLSA 202506-12)
Additionally, a vulnerability was identified in Sysstat, a package containing performance monitoring utilities for Linux. This issue is due to an integer overflow, which could also result in arbitrary code execution, particularly impacting 32-bit systems when displaying activity data files. This update improves upon a previously incomplete fix related to CVE-2022-39377.
Affected Versions:
- Vulnerable: app-admin/sysstat < 12.6.2-r1
- Unaffected: app-admin/sysstat >= 12.6.2-r1
Resolution:
Sysstat users are also advised to upgrade to the latest version:
```bash
emerge --sync
emerge --ask --oneshot --verbose ">=app-admin/sysstat-12.6.2-r1"
```
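To check a host against both advisories, the following added example (not part of the Gentoo advisories; function names are illustrative) classifies installed package atoms against the fixed versions listed above. Both fixes are revision bumps (-r1), so a check that compares only the upstream version would report 24.12.3 and 12.6.2 as patched. It assumes atoms in the `category/name-version` form printed by `qlist -Iv` and handles only dotted numeric versions with an optional -rN revision, not the full Gentoo version syntax.

```sh
#!/bin/sh
# Added example, not from the advisories. Function names are illustrative.
# Supports only dotted numeric versions with an optional -rN revision.

# split_rev V -> prints "BASE REVISION" (revision 0 when V has no -rN)
split_rev() {
    case $1 in
        *-r[0-9]*) echo "${1%-r*} ${1##*-r}" ;;
        *)         echo "$1 0" ;;
    esac
}

# ver_lt A B -> exit status 0 when version A is strictly older than B
ver_lt() {
    set -- $(split_rev "$1") $(split_rev "$2")
    a=$1 ra=$2 b=$3 rb=$4
    while [ -n "$a" ] && [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    [ -z "$a" ] && [ -n "$b" ] && return 0   # B has extra components: A older
    [ -n "$a" ] && return 1                  # A has extra components: A newer
    [ "$ra" -lt "$rb" ]                      # same upstream: revision decides
}

# First unaffected version per package, as listed in the two GLSAs.
fixed_version() {
    case $1 in
        kde-apps/konsole)  echo 24.12.3-r1 ;;
        app-admin/sysstat) echo 12.6.2-r1 ;;
        *) return 1 ;;
    esac
}

# glsa_status CATEGORY/NAME-VERSION -> vulnerable | unaffected | untracked
glsa_status() {
    set -- $(split_rev "$1")             # $1=category/name-upstream, $2=revision
    pkg=${1%-*}; installed="${1##*-}-r$2"
    fixed=$(fixed_version "$pkg") || { echo untracked; return 0; }
    if ver_lt "$installed" "$fixed"; then echo vulnerable; else echo unaffected; fi
}

# Constructed sample in the shape `qlist -Iv` prints; not from a real host.
for atom in kde-apps/konsole-24.12.3 app-admin/sysstat-12.6.2-r1 app-editors/nano-8.4; do
    printf '%s: %s\n' "$atom" "$(glsa_status "$atom")"
done
```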
Conclusion
Security is a top priority for Gentoo Linux, and users are encouraged to stay informed about potential vulnerabilities. Users who have concerns or require further assistance can contact Gentoo's security team or report issues through the Gentoo bug tracker. For more information and updates regarding these advisories, users can visit the Gentoo Security Website.
Additional Note
It is essential for all users to regularly check for updates and apply necessary patches to maintain the security and integrity of their systems. By doing so, users can help protect their systems against potential threats and vulnerabilities.
Konsole and Sysstat updates for Gentoo
Gentoo Linux has received security updates for Konsole and Sysstat:
[ GLSA 202506-13 ] Konsole: Code execution
[ GLSA 202506-12 ] sysstat: Arbitrary Code Execution