[SECURITY] [DSA 5945-1] konsole security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5945-1] konsole security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Fri, 20 Jun 2025 19:41:49 +0000
Message-id: <[🔎] aFW5fV3V3sSz0N2S@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5945-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 20, 2025                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : konsole
CVE ID         : CVE-2025-49091

Dennis Dast discovered that the Konsole terminal emulator insecurely
handled the telnet URI scheme, which could result in the execution
of arbitrary code in some configurations.

For the stable distribution (bookworm), this problem has been fixed in
version 4:22.12.3-1+deb12u1.

We recommend that you upgrade your konsole packages.

For the detailed security status of konsole please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/konsole

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmhVuEkACgkQEMKTtsN8
TjZXZQ/+N3pnubXqC7YVpgRz1Ys9BuYnQMTiePu3r5a27cok+TcCI+iLc7yCgK9q
0ruai5Re5/wG278KVHmYnFiWHvnN/7/SDkW6zZuFInis2h1haZM6uMMiLFT3AqIe
4KaYIv4g6fvOLbfuLoew3GsWTiFNAV8Cet6hr6IBSjm9CQYnRRfRNxfhjwtu+E7B
efeLX3ELY5eyTsAJ4LyVNO5Hei8rwnxDOeJGaZNmBVLR4LzmIwrfTITUaTCz1sh/
njrkJZJxMfw26T0cAIxePAYia9L7X7swUIKPpvhkGFrCNtM8RomuL5h3W93Qnvch
c2hfJAH8n4DoTgLdXlF42xzJDwt8HhIsIWOol25Yy7H82MImQUuBy8rIRhIUBaHU
Hf0n+BWUQhni7h3Ryb8h9BN+RpvfFJ1wpuDnKiuNDRGzXrq6VabY5AtzgvdDUOGR
KMdf9BRvh55++qtzQtZoJh7rDW8+CRcxFObhgseUUL74V7Dsto2GNiBB5EUoYvo1
w0eq53ajNrQnQa+uLdTfsEjF78OFg93Ht/0aYD0fMvfU1aMcVMFa7kAWbzFa5GZJ
vjwdQGP6WHy8aV9YpfzZDK+fJRvuyJg7WHZ+qzq4VEtQAG/3rHkTj/JEa7BUoAyN
KPU8ORkwA96IAuBV7wngPGqjTzNhdxAnBcznxzHOWtgWkuAM8i4=
=FPY9
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5944-1] chromium security update
Next by Date: [SECURITY] [DSA 5946-1] gdk-pixbuf security update
Previous by thread: [SECURITY] [DSA 5944-1] chromium security update
Next by thread: [SECURITY] [DSA 5946-1] gdk-pixbuf security update
Index(es):
- Date
- Thread