Bug 712148 (CVE-2011-2198)
Summary: | CVE-2011-2198 vte: Excessive memory and CPU use by processing certain character sequences | ||||||
---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> | ||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
Status: | CLOSED WONTFIX | QA Contact: | |||||
Severity: | low | Docs Contact: | |||||
Priority: | low | ||||||
Version: | unspecified | CC: | behdad, bressers, tsmetana | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | vte 0.28.1 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2016-04-07 11:19:46 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 712150 | ||||||
Bug Blocks: | 712153 | ||||||
Attachments: |
|
Description
Jan Lieskovsky
2011-06-09 15:27:55 UTC
This issue affects the versions of the vte package, as shipped with Red Hat Enterprise Linux 4, 5, and 6. -- This issue affects the versions of the vte package, as shipped with Fedora release of 13, 14, and 15. Please schedule an update (once final upstream patch known). Created vte tracking bugs for this issue Affects: fedora-all [bug 712150] CVE Request: [3] http://www.openwall.com/lists/oss-security/2011/06/09/3 Public PoC how to reproduce the issu (from [1]): ================================================ $ printf "\033[100000000000000000@" > /tmp/x $ cat /tmp/x Created attachment 503935 [details] Local copy of the preliminary patch, proposed by the issue reporter From [4] https://bugzilla.gnome.org/show_bug.cgi?id=652124#c4 This was assigned CVE-2011-2198. Statement: (none) |