This bug was fixed in the package gtk+2.0 - 2.24.30-1ubuntu1.16.04.2

---------------
gtk+2.0 (2.24.30-1ubuntu1.16.04.2) xenial; urgency=medium

  * Add debian/patches/lp1641912-add-limit-to-list-size.patch, which fixes a
    DOS allowing any application to cause all GTK applications to use an
    arbitrary amount of memory (LP: #1641912).

 -- Simon Quigley <tsimo...@ubuntu.com>  Thu, 20 Jul 2017 16:29:53 -0500

** Changed in: gtk+2.0 (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gtk+2.0 in Ubuntu.
https://bugs.launchpad.net/bugs/1641912

Title:
  Please backport two recent-manager patches

Status in GTK+:
  Fix Released
Status in gtk+2.0 package in Ubuntu:
  Fix Released
Status in gtk+2.0 source package in Xenial:
  Fix Released
Status in gtk+2.0 source package in Yakkety:
  Won't Fix
Status in gtk+2.0 source package in Zesty:
  Fix Released
Status in gtk+2.0 source package in Artful:
  Fix Released

Bug description:
  [Impact]

  Without these fixes, a specially crafted GTK program can cause a
  Denial of Service attack on any machine with open GTK programs.

  [Test Case]

  In the GitHub issue against mate-panel, an individual with the GitHub
  username clbr wrote a Proof of Concept that can be used to demonstrate
  that this bug is affecting the system, and this is found here:
  http://pastebin.ca/3733209

  The commenter reports that the Proof of Concept can be built with the
  following command:

  gcc -o killer killer.c `pkg-config --cflags --libs gtk+-2.0`

  [Regression Potential]

  This fix has been uploaded to Artful and has passed to artful-release,
  causing no installability problems or autopkgtest regressions.

  As for the fix itself, there was already a regression spotted, but the
  patch fixing that regression has been spotted and also fixed in this
  upload.

  Since it is putting a limit on the list's size, although this is
  highly unlikely at this point in time, epgfm on the GitHub issue
  points out the following:

  "... However, the incoming fix set a large number of items (1000) as a
  hard limit. ...
  Does an application really need to store 1K recent files? I think even
  the badassest screen you can possibly buy now wouldn't have enough
  vertical space to display them all."

  Should there be the unlikely event that a program needs to use that
  many recent files, the program will have some issues, but that is a
  bug in the program that needs to use that many recent files, not GTK
  itself.

  tl;dr low regression potential, where there will be regressions is
  excessively large GTK programs, but that is a bug in the program
  itself for taking up that much space, not GTK.

  [Original Description]

  https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=a3b2d6a65be9f592de9570c227df00f910167e9e
  https://git.gnome.org/browse/gtk+/commit/?h=gtk-2-24&id=35871edb318083b2d7e4758cbdaad6109eed60ca

  Please apply/backport these two patches from the 2.24 branch. They fix
  a memory DOS, originally reported against mate-panel here:
  https://github.com/mate-desktop/mate-panel/issues/479

  For the GTK3 version of this bug, see bug 1641914

  Note that MATE is GTK2 only for Ubuntu 16.04 LTS.
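
A defender-side check, added here and not part of the bug report or the GTK patch: it streams a recent-files XBEL document and flags one that holds more than the 1000-item limit quoted above. The file location `~/.local/share/recently-used.xbel` and the `<bookmark>` element layout are assumptions about how the recent manager stores its list, and the sample document is constructed.

```python
import io
import os
import xml.etree.ElementTree as ET

MAX_LIST_SIZE = 1000  # hard limit quoted in the bug report
# Assumed default location of the recent-files list (not stated on the page).
DEFAULT_PATH = os.path.expanduser("~/.local/share/recently-used.xbel")


def count_recent_items(source):
    """Count <bookmark> entries while streaming, so an oversized file is
    never loaded into memory as one tree."""
    count = 0
    root = None
    for event, elem in ET.iterparse(source, events=("start", "end")):
        if root is None:
            root = elem  # first event is the start of the <xbel> root
        elif event == "end" and elem.tag == "bookmark":
            count += 1
            root.clear()  # discard entries already counted
    return count


def audit(source, limit=MAX_LIST_SIZE):
    """Return the item count and whether it exceeds the limit."""
    items = count_recent_items(source)
    return {"items": items, "over_limit": items > limit}


def make_sample(n):
    """Constructed sample input: an XBEL document with n entries."""
    entries = "".join(
        '<bookmark href="file:///tmp/sample-%d.txt">'
        '<info><metadata owner="http://freedesktop.org"/></info>'
        "</bookmark>" % i
        for i in range(n)
    )
    doc = '<?xml version="1.0" encoding="UTF-8"?><xbel version="1.0">%s</xbel>' % entries
    return io.BytesIO(doc.encode("utf-8"))


if __name__ == "__main__":
    print("sample:", audit(make_sample(1500)))
    if os.path.exists(DEFAULT_PATH):
        size = os.path.getsize(DEFAULT_PATH)
        print(DEFAULT_PATH, size, "bytes", audit(DEFAULT_PATH))
```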