Bug 371320 (CVE-2011-2198) - <x11-libs/vte-0.28.1-r200: Memory consumption denial of service (CVE-2011-2198)
Summary: <x11-libs/vte-0.28.1-r200: Memory consumption denial of service (CVE-2011-2198)
Status: RESOLVED FIXED
Alias: CVE-2011-2198
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://bugzilla.gnome.org/show_bug.c...
Whiteboard: A3 [glsa]
Keywords:
Depends on: 372989 373999
Blocks: 369909 371251
Reported: 2011-06-12 21:48 UTC by Tim Sammut (RETIRED)
Modified: 2014-12-12 00:40 UTC (History)

See Also:
Package list:
Runtime testing required: ---
Description Tim Sammut (RETIRED) gentoo-dev 2011-06-12 21:48:17 UTC
From the upstream bug at $URL:

When passing a huge value to the "insert-blank-characters" capability
(defined in caps.c), gnome-terminal crashes (and maybe other terminals
that depend on libvte9). 

  $ cat -n vte-0.24.3/src/caps.c:
  [...]
  418          {CSI "%d@", "insert-blank-characters", 0},

To reproduce the crash:
  printf "\033[100000000000000000@"

This causes the terminal to consume all available memory.
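The defect class described above is a count taken straight from an escape-sequence parameter and used to size an insertion (and its allocation) without any relation to the terminal's geometry. The following is an added illustration written for this page, not code from the bug report or from vte: a toy parser for the CSI `<n>@` (insert blank characters) sequence in which the parameter accumulates without wrapping and is clamped to the cells remaining on a fixed-width line, so the memory touched never depends on the value supplied. The 80-column line model and the function names (`parse_ich_param`, `clamp_ich`, `insert_blanks`, `make_line`) are assumptions of this example.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical terminal model (not vte's data structures): one line of
 * COLUMNS cells, stored as a NUL-terminated string padded with spaces. */
#define COLUMNS 80

/* Parse a CSI "insert blank characters" sequence, ESC [ <n> @, and return n.
 * Returns -1 if the input is not such a sequence. Digit accumulation
 * saturates at LLONG_MAX, so an over-long digit string (like the 18-digit
 * value quoted in the report) cannot wrap into a small or negative count. */
long long parse_ich_param(const char *seq) {
    if (seq[0] != '\033' || seq[1] != '[') return -1;
    const char *p = seq + 2;
    long long n = 0;
    int digits = 0;
    for (; *p >= '0' && *p <= '9'; p++, digits++) {
        int d = *p - '0';
        if (n > (LLONG_MAX - d) / 10) n = LLONG_MAX; /* saturate, never overflow */
        else n = n * 10 + d;
    }
    if (*p != '@') return -1;
    return digits ? n : 1; /* ECMA-48: an omitted parameter means 1 */
}

/* Bound the requested count by the cells left on the line. Whatever the
 * caller asked for, the insertion can never touch more than COLUMNS cells. */
long long clamp_ich(long long n, int col) {
    long long remaining = COLUMNS - col;
    if (remaining < 0) remaining = 0;
    if (n < 1) n = 1;
    return n > remaining ? remaining : n;
}

/* Fill a COLUMNS-cell line from text, padding with spaces and truncating. */
void make_line(const char *text, char line[COLUMNS + 1]) {
    memset(line, ' ', COLUMNS);
    size_t len = strlen(text);
    memcpy(line, text, len > COLUMNS ? COLUMNS : len);
    line[COLUMNS] = '\0';
}

/* Insert n blanks at column col, shifting existing cells right and dropping
 * those pushed past the end. Because n is clamped, nothing here is sized by
 * the attacker-controlled parameter: the line buffer is fixed-size. */
void insert_blanks(char line[COLUMNS + 1], int col, long long n) {
    if (col < 0 || col >= COLUMNS) return;
    long long k = clamp_ich(n, col);
    memmove(line + col + k, line + col, (size_t)(COLUMNS - col - k));
    memset(line + col, ' ', (size_t)k);
    line[COLUMNS] = '\0';
}

int main(void) {
    /* Constructed input: the exact sequence quoted in the bug report. */
    const char *seq = "\033[100000000000000000@";
    char line[COLUMNS + 1];
    make_line("hello world", line);
    long long n = parse_ich_param(seq);
    printf("requested %lld blanks, inserting %lld\n", n, clamp_ich(n, 5));
    insert_blanks(line, 5, n);
    printf("[%s]\n", line);
    return 0;
}
```

The point of the clamp is that the cost of the operation is bounded by terminal width, a value the terminal owns, rather than by a number the remote side chose; the saturating accumulator additionally keeps a deliberately oversized parameter from turning into a signed-overflow surprise before the clamp is even reached.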
Comment 1 Nirbheek Chauhan (RETIRED) gentoo-dev 2011-06-15 06:47:29 UTC
This was added to the tree today with the new release, and the vulnerable version was removed.

15 Jun 2011; Nirbheek Chauhan <nirbheek@gentoo.org> -vte-0.28.0-r200.ebuild,
-vte-0.28.0-r300.ebuild, +vte-0.28.1-r200.ebuild, +vte-0.28.1-r300.ebuild:
Bump to 0.28.1, security bump, remove vulnerable versions


Note that *only* 0.28.1-r200:0 should go stable, the 2.90 slot was never stable, and uses GTK+3. Here's a keywords list:

x11-libs/gnome-pty-helper-0.28.1 alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86
x11-libs/vte-0.28.1-r200         alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86

@arch teams: gnome-pty-helper was originally a part of vte, it's now been split out. Don't panic when you see blockers. :)
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-06-18 18:27:31 UTC
Great, thanks.

Arches, please test and mark stable:
=x11-libs/vte-0.28.1-r200
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"

=x11-libs/gnome-pty-helper-0.28.1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
Comment 3 Agostino Sarubbo gentoo-dev 2011-06-18 18:37:10 UTC
!!! All ebuilds that could satisfy ">=x11-libs/gtk+-2.20:2[introspection?]" have been masked.
!!! One of the following masked packages is required to complete your request:
- x11-libs/gtk+-2.24.5 (masked by: ~amd64 keyword)
- x11-libs/gtk+-2.24.4 (masked by: ~amd64 keyword)

(dependency required by "x11-libs/vte-0.28.1-r200"

@gnome team: which version of gtk?
Comment 4 Nirbheek Chauhan (RETIRED) gentoo-dev 2011-06-19 03:25:28 UTC
(In reply to comment #3)
> !!! All ebuilds that could satisfy ">=x11-libs/gtk+-2.20:2[introspection?]"
> have been masked.
> !!! One of the following masked packages is required to complete your request:
> - x11-libs/gtk+-2.24.5 (masked by: ~amd64 keyword)
> - x11-libs/gtk+-2.24.4 (masked by: ~amd64 keyword)
> 
> (dependency required by "x11-libs/vte-0.28.1-r200"
> 
> @gnome team: which version of gtk?

2.24.4, please. 2.24.5 is suffering from bug 372147. For further reference, also see bug 369909 (future stabilization list for gnome 2).
Comment 5 Agostino Sarubbo gentoo-dev 2011-06-19 07:04:49 UTC
dev-libs/atk-1.32.0-r1
x11-libs/gdk-pixbuf-2.22.1-r1
x11-libs/pango-1.28.4
x11-libs/gnome-pty-helper-0.28.1
x11-libs/gtk+-2.24.4
x11-libs/vte-0.28.1-r200

seems ok on amd64
Comment 6 Andreas Schürch gentoo-dev 2011-06-22 06:59:50 UTC
The same list of packages also looks good on x86.
Comment 7 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-06-22 09:43:52 UTC
x86 stable, thanks Andreas

Some bug notes:

bug #349785 (gtkterm compile failure is not a regression)
bug #365539 (one needs to restart running terminals to avoid problems with /etc/termcap)
Comment 8 Brent Baude (RETIRED) gentoo-dev 2011-06-28 22:06:31 UTC
ppc done
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2011-06-29 01:50:04 UTC
Stable for HPPA.
Comment 10 Christoph Mende (RETIRED) gentoo-dev 2011-06-29 15:01:54 UTC
amd64 stable
Comment 11 Joseph 2011-07-02 00:33:02 UTC
After upgrading today to vte-0.28.1-r200 I've noticed it takes 99% CPU
starting with:
exo-open --launch TerminalEmulator

Is there a fix for it?  For now I'll have to mask it.
Comment 12 Pacho Ramos gentoo-dev 2011-07-02 10:40:25 UTC
You are hitting bug 372989
Comment 13 Pacho Ramos gentoo-dev 2011-07-04 11:46:33 UTC
Remaining arches, please stabilize the latest gdk-pixbuf-2.22.1-r2 directly (bug 373999)
Comment 14 Mark Loeser (RETIRED) gentoo-dev 2011-07-06 23:34:34 UTC
ppc64 done
Comment 15 Raúl Porcel (RETIRED) gentoo-dev 2011-07-09 16:21:29 UTC
alpha/arm/ia64/sh/sparc stable
Comment 16 Tim Sammut (RETIRED) gentoo-dev 2011-07-09 18:27:59 UTC
Thanks, folks. Added to existing GLSA request.
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2014-08-19 21:47:46 UTC
CVE-2011-2198 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2198):
  The "insert-blank-characters" capability in caps.c in gnome-terminal (vte)
  before 0.28.1 allows remote authenticated users to cause a denial of service
  (CPU and memory consumption and crash) via a crafted file, as demonstrated
  by a file containing the string, "\033[100000000000000000@".
Comment 18 GLSAMaker/CVETool Bot gentoo-dev 2014-12-12 00:40:21 UTC
This issue was resolved and addressed in
 GLSA 201412-10 at http://security.gentoo.org/glsa/glsa-201412-10.xml
by GLSA coordinator Sean Amoss (ackle).