From the upstream bug at $URL:
When passing a huge value to the "insert-blank-characters" capability (defined in caps.c), gnome-terminal crashes (and maybe other terminals that depend on libvte9).
    $ cat -n vte-0.24.3/src/caps.c:
    [...]
    418 {CSI "%d@", "insert-blank-characters", 0},
To reproduce the crash:
    printf "\033[100000000000000000@"
This causes the terminal to consume all available memory.
This was added to the tree today with the new release, and the vulnerable version was removed.
    15 Jun 2011; Nirbheek Chauhan <nirbheek@gentoo.org>
    -vte-0.28.0-r200.ebuild, -vte-0.28.0-r300.ebuild,
    +vte-0.28.1-r200.ebuild, +vte-0.28.1-r300.ebuild:
    Bump to 0.28.1, security bump, remove vulnerable versions
Note that *only* 0.28.1-r200:0 should go stable, the 2.90 slot was never stable, and uses GTK+3.
Here's a keywords list:
    x11-libs/gnome-pty-helper-0.28.1 alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86
    x11-libs/vte-0.28.1-r200 alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86
@arch teams: gnome-pty-helper was originally a part of vte, it's now been split out. Don't panic when you see blockers. :)
Great, thanks. Arches, please test and mark stable:
    =x11-libs/vte-0.28.1-r200
    Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
    =x11-libs/gnome-pty-helper-0.28.1
    Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"
    !!! All ebuilds that could satisfy ">=x11-libs/gtk+-2.20:2[introspection?]" have been masked.
    !!! One of the following masked packages is required to complete your request:
    - x11-libs/gtk+-2.24.5 (masked by: ~amd64 keyword)
    - x11-libs/gtk+-2.24.4 (masked by: ~amd64 keyword)
    (dependency required by "x11-libs/vte-0.28.1-r200"
@gnome team: which version of gtk?
(In reply to comment #3)
> !!! All ebuilds that could satisfy ">=x11-libs/gtk+-2.20:2[introspection?]"
> have been masked.
> !!! One of the following masked packages is required to complete your request:
> - x11-libs/gtk+-2.24.5 (masked by: ~amd64 keyword)
> - x11-libs/gtk+-2.24.4 (masked by: ~amd64 keyword)
>
> (dependency required by "x11-libs/vte-0.28.1-r200"
>
> @gnome team: which version of gtk?
2.24.4, please. 2.24.5 is suffering from bug 372147. For further reference, also see bug 369909 (future stabilization list for gnome 2).
    dev-libs/atk-1.32.0-r1
    x11-libs/gdk-pixbuf-2.22.1-r1
    x11-libs/pango-1.28.4
    x11-libs/gnome-pty-helper-0.28.1
    x11-libs/gtk+-2.24.4
    x11-libs/vte-0.28.1-r200
seems ok on amd64
The same list of packages also looks good on x86.
x86 stable, thanks Andreas
Some bug notes:
    bug #349785 (gtkterm compile failure is not a regression)
    bug #365539 (one needs to restart running terminals to avoid problems with /etc/termcap)
ppc done
Stable for HPPA.
amd64 stable
After upgrading today to vte-0.28.1-r200 I've noticed it takes 99% CPU starting with:
    exo-open --launch TerminalEmulator
Is there a fix for it? For now I'll have to mask it.
You are hitting bug 372989
Remaining arches, please stabilize directly latest gdk-pixbuf-2.22.1-r2 (bug 373999)
ppc64 done
alpha/arm/ia64/sh/sparc stable
Thanks, folks. Added to existing GLSA request.
CVE-2011-2198 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2198): The "insert-blank-characters" capability in caps.c in gnome-terminal (vte) before 0.28.1 allows remote authenticated users to cause a denial of service (CPU and memory consumption and crash) via a crafted file, as demonstrated by a file containing the string, "\033[100000000000000000@".
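An added example, not part of the bug thread or of the vte code base: a filter that can be run over untrusted text before it is shown in a terminal, flagging and defusing CSI sequences whose numeric parameter exceeds a bound. MAX_PARAM, the function names and the sample bytes are this example's own assumptions; the only value taken from the report is the sequence quoted above.

```python
import re

# ECMA-48 control sequence: ESC [ , parameter bytes 0x30-0x3F,
# intermediate bytes 0x20-0x2F, one final byte 0x40-0x7E.
# Only the 7-bit introducer is matched; the 8-bit C1 form (0x9B) is not.
CSI_RE = re.compile(rb"\x1b\[([0-?]*)([ -/]*)([@-~])")

# Assumed bound for this example: larger than any realistic screen
# dimension, far smaller than the value in the report.
MAX_PARAM = 9999


def _oversized(params: bytes, limit: int):
    """Return the numeric parameters in a CSI parameter string above limit."""
    return [int(n) for n in re.findall(rb"\d+", params) if int(n) > limit]


def find_oversized_csi(data: bytes, limit: int = MAX_PARAM):
    """Return (offset, final_byte, value) for every oversized CSI parameter."""
    hits = []
    for m in CSI_RE.finditer(data):
        final = m.group(3).decode("ascii")
        hits.extend((m.start(), final, v) for v in _oversized(m.group(1), limit))
    return hits


def neutralize(data: bytes, limit: int = MAX_PARAM) -> bytes:
    """Rewrite ESC as the visible text '^[' in offending sequences only."""
    def repl(m):
        if _oversized(m.group(1), limit):
            return b"^[" + m.group(0)[1:]
        return m.group(0)
    return CSI_RE.sub(repl, data)


# Constructed sample: a colour sequence, a small insert-blank-characters
# request (4 blanks), and the sequence quoted in the bug report.
SAMPLE = b"\x1b[1;31mred\x1b[0m ok\x1b[4@ bad\x1b[100000000000000000@ end\n"

if __name__ == "__main__":
    for offset, final, value in find_oversized_csi(SAMPLE):
        print(f"offset {offset}: CSI ... {final} with parameter {value}")
    print(neutralize(SAMPLE))
```

Ordinary colour and cursor sequences pass through unchanged, so the filter can sit in front of a pager or log viewer on hosts that still run a vte older than 0.28.1.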
This issue was resolved and addressed in GLSA 201412-10 at http://security.gentoo.org/glsa/glsa-201412-10.xml by GLSA coordinator Sean Amoss (ackle).