See https://bugzilla.gnome.org/show_bug.cgi?id=676090

"The commands

    echo -en "\e[2147483647L"
    echo -en "\e[2147483647M"
    echo -en "\e[2147483647P"

all seem to cause gnome-terminal (vte) to use all available cpu time and stop responding to the user. Even File->Close Window can not be used."

fixed in vte3 0.32.2

Status: NEW => ASSIGNED
See Also: (none) => https://bugzilla.gnome.org/show_bug.cgi?id=676090
Fedora has issued an advisory for this on June 16: http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083403.html It has been assigned CVE-2012-2738.
CC: (none) => luigiwalser
Version: 2 => Cauldron
Summary: vte3: malicious escape sequences can cause denial of service => vte3: malicious escape sequences can cause denial of service (CVE-2012-2738)
Whiteboard: (none) => MGA2TOO, MGA1TOO
CC: (none) => fundawang
Patched packages uploaded for Mageia 1, Mageia 2, and Cauldron.

Advisory:
========================

Updated vte packages fix security vulnerability:

A denial of service flaw was found in the way VTE, a terminal emulator widget, processed certain escape sequences with large repeat counts. A remote attacker could provide a specially-crafted file, which once opened in a terminal using the VTE terminal emulator could lead to excessive CPU consumption (CVE-2012-2738).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2738
http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083403.html
========================

Updated packages in core/updates_testing:
========================
vte-0.26.2-2.1.mga1
python-vte-0.26.2-2.1.mga1
libvte9-0.26.2-2.1.mga1
libvte-devel-0.26.2-2.1.mga1
vte-0.28.2-4.1.mga2
python-vte-0.28.2-4.1.mga2
libvte9-0.28.2-4.1.mga2
libvte-devel-0.28.2-4.1.mga2
libvte-gir0.0-0.28.2-4.1.mga2

from SRPMS:
vte-0.26.2-2.1.mga1.src.rpm
vte-0.28.2-4.1.mga2.src.rpm

URL: https://bugzilla.gnome.org/show_bug.cgi?id=676090 => http://lwn.net/Vulnerabilities/504949/
CC: (none) => olav
Version: Cauldron => 2
Assignee: olav => qa-bugs
Whiteboard: MGA2TOO, MGA1TOO => MGA1TOO
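Added example, not part of the bug thread and not VTE's own fix: a Python pre-filter that flags or strips CSI escape sequences whose numeric parameter exceeds a ceiling, which is the "large repeat count" pattern the advisory describes. The 10,000 ceiling and all function names are assumptions, and the check covers any CSI final byte rather than only the L, M and P sequences from the report.

```python
import re

# CSI = ESC [ + parameter bytes (0x30-0x3F) + intermediates (0x20-0x2F) + final (0x40-0x7E)
CSI_RE = re.compile(rb"\x1b\[([0-9:;<=>?]*)[ -/]*([@-~])")

# Assumed ceiling (not from the thread): far above any real terminal's rows or columns.
MAX_REPEAT = 10_000

# Final bytes of the three sequences quoted in the report.
REPORTED = {"L": "insert lines", "M": "delete lines", "P": "delete characters"}


def _too_big(digits: bytes, limit: int) -> bool:
    stripped = digits.lstrip(b"0")
    # Compare lengths first so a multi-kilobyte digit run never reaches int().
    if len(stripped) > len(str(limit)):
        return True
    return stripped != b"" and int(stripped) > limit


def find_oversized_csi(data: bytes, limit: int = MAX_REPEAT):
    """Return (offset, final_byte, digits) for every CSI parameter above limit."""
    hits = []
    for m in CSI_RE.finditer(data):
        params, final = m.groups()
        for field in re.split(rb"[;:]", params):
            digits = field.lstrip(b"<=>?")
            if digits.isdigit() and _too_big(digits, limit):
                hits.append((m.start(), final.decode("ascii"), digits.decode("ascii")))
    return hits


def sanitize(data: bytes, limit: int = MAX_REPEAT) -> bytes:
    """Drop each CSI sequence that carries an oversized parameter; keep the rest."""
    return CSI_RE.sub(
        lambda m: b"" if find_oversized_csi(m.group(0), limit) else m.group(0), data)


# Constructed sample: ordinary colour codes, the three reported sequences, a sane CSI P.
SAMPLE = (b"\x1b[1;31mred\x1b[0m ok\n"
          b"\x1b[2147483647L\x1b[2147483647M\x1b[2147483647P"
          b"\x1b[3Ptail\n")

if __name__ == "__main__":
    for offset, final, digits in find_oversized_csi(SAMPLE):
        print(f"offset {offset}: CSI {digits} {final} ({REPORTED.get(final, 'other')})")
    print(sanitize(SAMPLE))
```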
Bug confirmed, just by entering the first string

    echo -en "\e[2147483647L"

Confirmed fixed by the update.

Testing complete on Mageia 2 i586. I'll test Mageia 1 i586 shortly.
CC: (none) => davidwhodgins
Testing complete on Mageia 1 i586.
Whiteboard: MGA1TOO => MGA1TOO, MGA1-32-OK MGA2-32-OK
Testing mga2 x86_64

With the update applied, the first line still causes a DOS in gnome-terminal.

Installing python-vte x86_64 asks to install 32 bit libraries.

Checked libvte9 though and appears to be 64 bit

    # ls /usr/lib64/libvt*
    libvte2_90.so.9 libvte.so.9 libvte2_90.so.9.3200.1 libvte.so.9.2800.2

None in /usr/lib/

Not sure what the problem is here David.
Sorry, my mistype. python-vte is fine, I'd installed it alongside libvte-gir0.0 instead of lib64.. There is still the DOS issue though.
Testing complete mga1 64
Whiteboard: MGA1TOO, MGA1-32-OK MGA2-32-OK => MGA1TOO, MGA1-32-OK MGA2-32-OK mga1-64-OK
(In reply to comment #5)
> Testing mga2 x86_64
>
> With the update applied, the first line still causes a DOS in gnome-terminal.

What if you reboot first? I wonder if it's still using the old library.
It's the same after a reboot. Even when starting gnome-terminal from konsole in kde David.
    $ rpm -qa | grep vte
    vte-0.28.2-4.1.mga2
    vte3-0.32.1-1.mga2
    python-vte-0.28.2-4.1.mga2
    lib64vte2_90_9-0.32.1-1.mga2
    lib64vte-gir0.0-0.28.2-4.1.mga2
    lib64vte9-0.28.2-4.1.mga2

Perhaps it should be vte3 updated in Mga2?

Good catch, thanks Claire. Strangely, vte3 0.32.2 has been sitting in SVN since May 29th. Built now.

Advisory:
========================

Updated vte packages fix security vulnerability:

A denial of service flaw was found in the way VTE, a terminal emulator widget, processed certain escape sequences with large repeat counts. A remote attacker could provide a specially-crafted file, which once opened in a terminal using the VTE terminal emulator could lead to excessive CPU consumption (CVE-2012-2738).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2738
http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083403.html
========================

Updated packages in core/updates_testing:
========================
vte-0.26.2-2.1.mga1
python-vte-0.26.2-2.1.mga1
libvte9-0.26.2-2.1.mga1
libvte-devel-0.26.2-2.1.mga1
vte-0.28.2-4.1.mga2
python-vte-0.28.2-4.1.mga2
libvte9-0.28.2-4.1.mga2
libvte-devel-0.28.2-4.1.mga2
libvte-gir0.0-0.28.2-4.1.mga2
vte3-0.32.2-1.mga2
libvte2_90_9-0.32.2-1.mga2
libvte3-devel-0.32.2-1.mga2
libvte-gir2.90-0.32.2-1.mga2

from SRPMS:
vte-0.26.2-2.1.mga1.src.rpm
vte-0.28.2-4.1.mga2.src.rpm
vte3-0.32.2-1.mga2.src.rpm
Confirmed fixed in mga2 64 with the new vte3.
Whiteboard: MGA1TOO, MGA1-32-OK MGA2-32-OK mga1-64-OK => MGA1TOO, mga1-32-OK mga1-64-OK mga2-64-OK
Confirmed the bug on Mageia 2 i586. Installed the update candidates: no more high CPU usage when entering the strange echo commands in gnome-terminal. Confirmed the fix.

Update validated. Thanks.

Advisory can be found on comment #11.

------------------
SRPM:
vte-0.26.2-2.1.mga1.src.rpm
vte-0.28.2-4.1.mga2.src.rpm
vte3-0.32.2-1.mga2.src.rpm

Could sysadmin please push from core/updates_testing to core/updates. Thank you!

Keywords: (none) => validated_update
CC: (none) => malo, sysadmin-bugs
Whiteboard: MGA1TOO, mga1-32-OK mga1-64-OK mga2-64-OK => MGA1TOO, mga1-32-OK mga1-64-OK mga2-64-OK mga2-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0163
Status: ASSIGNED => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED